CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-46698 – webkitgtk: logic issue leading to user information disclosure
https://notcve.org/view.php?id=CVE-2022-46698
15 Dec 2022 — A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en Safari 16.2, tvOS 16.2, iCloud para Windows 14.1, macOS Ventura 13.1, iOS 16.2 y iPadOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2022-40303 – libxml2: integer overflows with XML_PARSE_HUGE
https://notcve.org/view.php?id=CVE-2022-40303
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Al analizar un documento XML de varios gigabytes con la opción de analizador XML_PARSE_HUGE habilitada, varios contadores de enteros pueden desbordarse. • http://seclists.org/fulldisclosure/2022/Dec/21 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles
https://notcve.org/view.php?id=CVE-2022-40304
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. • http://seclists.org/fulldisclosure/2022/Dec/21 • CWE-415: Double Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42795
https://notcve.org/view.php?id=CVE-2022-42795
01 Nov 2022 — A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution. Se solucionó un problema de consumo de memoria mejorando el manejo de la memoria. Este problema se solucionó en tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. • https://support.apple.com/en-us/HT213446 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32889
https://notcve.org/view.php?id=CVE-2022-32889
01 Nov 2022 — The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 16, watchOS 9. • https://support.apple.com/en-us/HT213446 •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32913
https://notcve.org/view.php?id=CVE-2022-32913
01 Nov 2022 — The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera. El problema se solucionó con restricciones adicionales sobre la observabilidad de los estados de las aplicaciones. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16.... • https://support.apple.com/en-us/HT213443 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32914
https://notcve.org/view.php?id=CVE-2022-32914
01 Nov 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. Se solucionó un problema de use-after-free con una gestión de memoria mejorada. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. • https://support.apple.com/en-us/HT213443 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32925
https://notcve.org/view.php?id=CVE-2022-32925
01 Nov 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. Se solucionó un problema de escritura fuera de los límites mejorando la verificación de los límites. Este problema se solucionó en tvOS 16, iOS 16, watchOS 9. • https://support.apple.com/en-us/HT213446 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32928
https://notcve.org/view.php?id=CVE-2022-32928
01 Nov 2022 — A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials. Se abordó un problema de lógica con restricciones mejoradas. Este problema se solucionó en iOS 16, macOS Ventura 13, watchOS 9. • https://support.apple.com/en-us/HT213446 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42827 – Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-42827
01 Nov 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. Se solucionó un problema de escritura fuera de los límites mejorando la verificación de los límites. • https://support.apple.com/en-us/HT213489 • CWE-787: Out-of-bounds Write •