CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32860
https://notcve.org/view.php?id=CVE-2022-32860
15 Dec 2022 — An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges. Se solucionó una escritura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en iOS 15.6 y iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. • https://support.apple.com/en-us/HT213344 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32943 – Apple Security Advisory 2022-12-13-1
https://notcve.org/view.php?id=CVE-2022-32943
15 Dec 2022 — The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1. • http://seclists.org/fulldisclosure/2022/Dec/20 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32945
https://notcve.org/view.php?id=CVE-2022-32945
15 Dec 2022 — An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. Se solucionó un problema de acceso con restricciones adicionales de sandbox en aplicaciones de terceros. Este problema se solucionó en macOS Ventura 13. • https://support.apple.com/en-us/HT213488 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32948
https://notcve.org/view.php?id=CVE-2022-32948
15 Dec 2022 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. Se solucionó una lectura fuera de los límites con una verificación de los límites mejorada. Este problema se solucionó en iOS 15.6 y iPadOS 15.6, macOS Monterey 12.5. • https://support.apple.com/en-us/HT213345 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 81%CPEs: 9EXPL: 13CVE-2022-46689 – XNU vm_map_copy_overwrite_unaligned Race Condition
https://notcve.org/view.php?id=CVE-2022-46689
15 Dec 2022 — A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. Se abordó una condición de ejecución con validación adicional. Este problema se solucionó en tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 y iPadOS 15.7.2, iOS 16.2 y iPadOS 1... • https://packetstorm.news/files/id/170542 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 1CVE-2022-3970 – LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow
https://notcve.org/view.php?id=CVE-2022-3970
13 Nov 2022 — A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 • CWE-189: Numeric Errors CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40303 – libxml2: integer overflows with XML_PARSE_HUGE
https://notcve.org/view.php?id=CVE-2022-40303
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Al analizar un documento XML de varios gigabytes con la opción de analizador XML_PARSE_HUGE habilitada, varios contadores de enteros pueden desbordarse. • https://packetstorm.news/files/id/169825 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles
https://notcve.org/view.php?id=CVE-2022-40304
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. • https://packetstorm.news/files/id/169824 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42817 – Apple Security Advisory 2022-10-27-1
https://notcve.org/view.php?id=CVE-2022-42817
31 Oct 2022 — A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. Visiting a maliciously crafted website may leak sensitive data. Se abordó un problema lógico con una mejor gestión del estado. Este problema se solucionó en iOS 15.7.1 y iPadOS 15.7.1, iOS 16.1 y iPadOS 16, watchOS 9.1. • https://support.apple.com/en-us/HT213489 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42820 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-42820
31 Oct 2022 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. Se abordó un problema de corrupción de la memoria con una mejor gestión del estado. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-787: Out-of-bounds Write •