CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 2CVE-2022-26766 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26766
17 May 2022 — A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. Se abordó un problema de análisis de certificados con comprobaciones mejoradas. Este problema es corregido en tvOS versión 15.5, iOS versión 15.5 y iPadOS versión 15.5, Security Update 2022-004 Catalina, watchOS versión 8.6, macOS Big Su... • https://packetstorm.news/files/id/168664 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-22597 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-22597
15 Mar 2022 — A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3 y Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2022-22579 – Apple macOS ModelIO STL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-22579
31 Jan 2022 — An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. Se abordó un problema de divulgación de información con una administración de estados mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, tvOS versión... • https://support.apple.com/en-us/HT213053 •
CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22593 – Apple Security Advisory 2022-01-26-3
https://notcve.org/view.php?id=CVE-2022-22593
31 Jan 2022 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de desbordamiento del búfer con un manejo de memoria mejorado. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Security Up... • https://support.apple.com/en-us/HT213053 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0261 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0261
18 Jan 2022 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento de Búfer en la región Heap de la memoria en el repositorio GitHub vim/vim versiones anteriores a 8.2 A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. Red Hat Advanced Cluster Management for Kubernetes 2.4.3 ima... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2020-3886
https://notcve.org/view.php?id=CVE-2020-3886
23 Dec 2021 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema se ha corregido en macOS Catalina versión 10.15.4, Actualización de seguridad 2020-002 Mojave, Actualización de segurid... • https://support.apple.com/en-us/HT211100 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2020-3896
https://notcve.org/view.php?id=CVE-2020-3896
23 Dec 2021 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files. Este problema se abordó al eliminar el código vulnerable. Este problema se ha corregido en macOS Catalina versión 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. • https://support.apple.com/en-us/HT211100 •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-8702
https://notcve.org/view.php?id=CVE-2019-8702
23 Dec 2021 — This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier. Este problema se abordó con una nueva asignación de derechos. Este problema es corregido en macOS Mojave versión 10.14.6, actualización de seguridad 2019-004 High Sierra, actualización de seguridad 2019-004 Sierra, iOS versión 12.4, tvOS versión 12.4. • https://support.apple.com/en-us/HT210346 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-8703
https://notcve.org/view.php?id=CVE-2019-8703
23 Dec 2021 — This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges. Este problema se abordó con los derechos mejorados. Este problema es corregido en watchOS versión 6, tvOS versión 13, macOS Catalina versión 10.15, iOS versión 13. • https://support.apple.com/en-us/HT210604 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-4302
https://notcve.org/view.php?id=CVE-2018-4302
23 Dec 2021 — A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. Se abordó una desreferencia de puntero null con una comprobación mejorada. Este problema es corregido en macOS High Sierra versión 10.13, iCloud para Windows versión 7.0, watchOS versión 4, iOS versión 11, iTunes ve... • https://support.apple.com/en-us/HT208112 • CWE-476: NULL Pointer Dereference •