CVSS: 8.2EPSS: 0%CPEs: 71EXPL: 2CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 http://www.openwall.com/lists/oss-security/2022/03/25/2 http://www.openwall.com/lists/oss-security/2022/03/26/1 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 https://github.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22669
https://notcve.org/view.php?id=CVE-2022-22669
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema es corregido en macOS Monterey versión 12.3. • https://support.apple.com/en-us/HT213183 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2022-22665
https://notcve.org/view.php?id=CVE-2022-22665
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. Se abordó un problema de lógica con una comprobación mejorada. Este problema es corregido en macOS Monterey versión 12.3. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 https://support.apple.com/en-us/HT213183 https://support.apple.com/kb/HT213184 https://support.apple.com/kb/HT213185 https://support.apple.com/kb/HT213255 https://support.apple.com/kb/HT213256 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22651
https://notcve.org/view.php?id=CVE-2022-22651
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en macOS Monterey versión 12.3. • https://support.apple.com/en-us/HT213183 https://support.apple.com/kb/HT213184 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22660
https://notcve.org/view.php?id=CVE-2022-22660
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. Este problema se abordó con una nueva habilitación. Este problema es corregido en macOS Monterey versión 12.3. • https://support.apple.com/en-us/HT213183 •