CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42814 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-42814
31 Oct 2022 — A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-42916 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-42916
27 Oct 2022 — In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop ... • http://seclists.org/fulldisclosure/2023/Jan/19 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 1CVE-2022-32221 – curl: POST following PUT confusion
https://notcve.org/view.php?id=CVE-2022-32221
27 Oct 2022 — When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is chang... • http://seclists.org/fulldisclosure/2023/Jan/19 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-440: Expected Behavior Violation CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2022-35260 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2022-35260
27 Oct 2022 — curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denia... • http://seclists.org/fulldisclosure/2023/Jan/19 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-32790
https://notcve.org/view.php?id=CVE-2022-32790
23 Sep 2022 — This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service. Se abordó este problema con comprobaciones mejoradas. Este problema ha sido corregido en tvOS versión 15.5, watchOS versión 8.6, iOS versión 15.5 y iPadOS versión 15.5, macOS Monterey versión 12.4, macOS Big Sur versión 11.6.6, Security Update 2022-004 Catal... • https://support.apple.com/en-us/HT213253 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-36521
https://notcve.org/view.php?id=CVE-2020-36521
23 Sep 2022 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema ha sido corregido en iCloud para Windows versión 11.4, iOS versión 14.0 y iPadOS v... • https://support.apple.com/en-us/HT211843 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-32785 – Apple Security Advisory 2022-07-20-1
https://notcve.org/view.php?id=CVE-2022-32785
22 Jul 2022 — A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service. Se abordó una desreferencia de puntero null con una comprobación mejorada. Este problema ha sido corregido en iOS versión 15.6 y iPadOS versión 15.6, Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-32786 – Apple Security Advisory 2022-07-20-4
https://notcve.org/view.php?id=CVE-2022-32786
22 Jul 2022 — An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system. Se abordó un problema en el manejo de variables de entorno con una comprobación mejorada. Este problema ha sido corregido en Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8 y macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 •
CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 0CVE-2022-32787 – Apple Security Advisory 2022-07-20-6
https://notcve.org/view.php?id=CVE-2022-32787
22 Jul 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de escritura fuera de límites con una comprobación mejorada de los límites. Este problema ha sido corregido en iOS versión 15.6 y iPadOS versión 15.6, macOS Big Sur versión 11.6.8, wat... • https://support.apple.com/en-us/HT213340 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2022-32797 – Apple macOS AppleScript TASUnparser_PrintObject Untrusted Pointer Dereference Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-32797
22 Jul 2022 — This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. Se abordó este problema con unas comprobaciones mejoradas. Este problema ha sido corregido en Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8 y macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 •