CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42865
https://notcve.org/view.php?id=CVE-2022-42865
15 Dec 2022 — This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences. Este problema se solucionó habilitando el tiempo de ejecución reforzado. Este problema se solucionó en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42866
https://notcve.org/view.php?id=CVE-2022-42866
15 Dec 2022 — The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information. El problema se solucionó mejorando el manejo de los cachés. Este problema se solucionó en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42805
https://notcve.org/view.php?id=CVE-2022-42805
15 Dec 2022 — An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. Se solucionó un desbordamiento de enteros con una validación de entrada mejorada. Este problema se solucionó en iOS 15.6, iPadOS 15.6 y macOS Monterey 12.5. • https://support.apple.com/en-us/HT213345 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32833
https://notcve.org/view.php?id=CVE-2022-32833
15 Dec 2022 — An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history. Existía un problema con las rutas de archivo utilizadas para almacenar datos del sitio web. • https://support.apple.com/en-us/HT213446 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32943
https://notcve.org/view.php?id=CVE-2022-32943
15 Dec 2022 — The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1. • http://seclists.org/fulldisclosure/2022/Dec/20 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32945
https://notcve.org/view.php?id=CVE-2022-32945
15 Dec 2022 — An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. Se solucionó un problema de acceso con restricciones adicionales de sandbox en aplicaciones de terceros. Este problema se solucionó en macOS Ventura 13. • https://support.apple.com/en-us/HT213488 •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 1CVE-2022-3970 – LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow
https://notcve.org/view.php?id=CVE-2022-3970
13 Nov 2022 — A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 • CWE-189: Numeric Errors CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2022-40303 – libxml2: integer overflows with XML_PARSE_HUGE
https://notcve.org/view.php?id=CVE-2022-40303
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Al analizar un documento XML de varios gigabytes con la opción de analizador XML_PARSE_HUGE habilitada, varios contadores de enteros pueden desbordarse. • http://seclists.org/fulldisclosure/2022/Dec/21 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles
https://notcve.org/view.php?id=CVE-2022-40304
01 Nov 2022 — An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. • http://seclists.org/fulldisclosure/2022/Dec/21 • CWE-415: Double Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42795
https://notcve.org/view.php?id=CVE-2022-42795
01 Nov 2022 — A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution. Se solucionó un problema de consumo de memoria mejorando el manejo de la memoria. Este problema se solucionó en tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. • https://support.apple.com/en-us/HT213446 • CWE-787: Out-of-bounds Write •