CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42866 – Apple Security Advisory 2022-12-13-8
https://notcve.org/view.php?id=CVE-2022-42866
15 Dec 2022 — The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information. El problema se solucionó mejorando el manejo de los cachés. Este problema se solucionó en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42867 – webkitgtk: use-after-free issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-42867
15 Dec 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de use after free con una gestión de memoria mejorada. Este problema se solucionó en Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 y iPadOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-46698 – webkitgtk: logic issue leading to user information disclosure
https://notcve.org/view.php?id=CVE-2022-46698
15 Dec 2022 — A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en Safari 16.2, tvOS 16.2, iCloud para Windows 14.1, macOS Ventura 13.1, iOS 16.2 y iPadOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46690 – Apple Security Advisory 2022-12-13-8
https://notcve.org/view.php?id=CVE-2022-46690
15 Dec 2022 — An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. Se solucionó un problema de escritura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40303 – libxml2: integer overflows with XML_PARSE_HUGE
https://notcve.org/view.php?id=CVE-2022-40303
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Al analizar un documento XML de varios gigabytes con la opción de analizador XML_PARSE_HUGE habilitada, varios contadores de enteros pueden desbordarse. • https://packetstorm.news/files/id/169825 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles
https://notcve.org/view.php?id=CVE-2022-40304
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. • https://packetstorm.news/files/id/169824 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32881 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-32881
31 Oct 2022 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system. Se abordó un problema lógico con restricciones mejoradas. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. • https://support.apple.com/en-us/HT213443 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-42825 – Apple Security Advisory 2022-10-27-8
https://notcve.org/view.php?id=CVE-2022-42825
31 Oct 2022 — This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. Este problema se solucionó eliminando derechos adicionales. Este problema se solucionó en tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 y iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. • https://support.apple.com/en-us/HT213488 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42811 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-42811
31 Oct 2022 — An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data. Se solucionó un problema de acceso con restricciones adicionales de la zona de pruebas. Este problema se solucionó en tvOS 16.1, iOS 16.1 y iPadOS 16, macOS Ventura 13, watchOS 9.1. • https://support.apple.com/en-us/HT213488 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42827 – Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-42827
31 Oct 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. Se solucionó un problema de escritura fuera de los límites mejorando la verificación de los límites. • https://support.apple.com/en-us/HT213489 • CWE-787: Out-of-bounds Write •