CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles
https://notcve.org/view.php?id=CVE-2022-40304
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. • https://packetstorm.news/files/id/169824 • CWE-415: Double Free •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32835 – Apple Security Advisory 2022-10-27-13
https://notcve.org/view.php?id=CVE-2022-32835
31 Oct 2022 — This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier. Este problema se abordó con derechos mejorados. Este problema se solucionó en iOS 16, watchOS 9. • https://support.apple.com/en-us/HT213446 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42827 – Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-42827
31 Oct 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. Se solucionó un problema de escritura fuera de los límites mejorando la verificación de los límites. • https://support.apple.com/en-us/HT213489 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42798 – Apple macOS AudioToolbox CAF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-42798
31 Oct 2022 — The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en tvOS 16.1, iOS 15.7.1 y iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 y iPadOS 16, macOS Monterey 12.6.1, mac... • https://support.apple.com/en-us/HT213488 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32858 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-32858
31 Oct 2022 — The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 16, macOS Ventura 13, watchOS 9. • https://support.apple.com/en-us/HT213446 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32866 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-32866
31 Oct 2022 — The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. • https://support.apple.com/en-us/HT213443 •
CVSS: 2.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32870 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-32870
31 Oct 2022 — A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information. Se abordó una cuestión de lógica con una mejor gestión estatal. Este problema se solucionó en iOS 16, macOS Ventura 13, watchOS 9. • https://support.apple.com/en-us/HT213446 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32875 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-32875
31 Oct 2022 — A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information. Se abordó una cuestión de lógica con una mejor gestión estatal. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. • https://support.apple.com/en-us/HT213443 •
CVSS: 2.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32879 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-32879
31 Oct 2022 — A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen. Se abordó una cuestión de lógica con una mejor gestión estatal. Este problema se solucionó en macOS Ventura 13, iOS 16, iOS 15.7 y iPadOS 15.7, watchOS 9, tvOS 16. • https://support.apple.com/en-us/HT213445 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32881 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-32881
31 Oct 2022 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system. Se abordó un problema lógico con restricciones mejoradas. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. • https://support.apple.com/en-us/HT213443 •