CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40303 – libxml2: integer overflows with XML_PARSE_HUGE
https://notcve.org/view.php?id=CVE-2022-40303
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Al analizar un documento XML de varios gigabytes con la opción de analizador XML_PARSE_HUGE habilitada, varios contadores de enteros pueden desbordarse. • https://packetstorm.news/files/id/169825 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles
https://notcve.org/view.php?id=CVE-2022-40304
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. • https://packetstorm.news/files/id/169824 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32918 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-32918
31 Oct 2022 — This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences. Este problema se solucionó mejorando la protección de datos. Este problema se solucionó en iOS 16 y macOS Ventura 13. • https://support.apple.com/en-us/HT213446 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26730 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-26730
31 Oct 2022 — A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution. Existía un problema de corrupción de memoria en el procesamiento de perfiles ICC. • https://support.apple.com/en-us/HT213488 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42827 – Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-42827
31 Oct 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. Se solucionó un problema de escritura fuera de los límites mejorando la verificación de los límites. • https://support.apple.com/en-us/HT213489 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42788 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-42788
31 Oct 2022 — A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. Existía un problema de permisos. • https://support.apple.com/en-us/HT213488 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42789 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-42789
31 Oct 2022 — An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data. Se solucionó un problema en la validación de la firma del código con comprobaciones mejoradas. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. • https://support.apple.com/en-us/HT213443 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42790 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-42790
31 Oct 2022 — A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen. Se abordó un problema lógico con una mejor gestión del estado. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 y iPadOS 15.7, macOS Monterey 12.6. • https://support.apple.com/en-us/HT213443 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42791 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-42791
31 Oct 2022 — A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de ejecución con un mejor manejo del estado. Este problema se solucionó en macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42798 – Apple macOS AudioToolbox CAF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-42798
31 Oct 2022 — The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en tvOS 16.1, iOS 15.7.1 y iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 y iPadOS 16, macOS Monterey 12.6.1, mac... • https://support.apple.com/en-us/HT213488 •