CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-42825 – Apple Security Advisory 2022-10-27-8
https://notcve.org/view.php?id=CVE-2022-42825
31 Oct 2022 — This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. Este problema se solucionó eliminando derechos adicionales. Este problema se solucionó en tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 y iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. • https://support.apple.com/en-us/HT213488 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42830 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-42830
31 Oct 2022 — The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42831 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-42831
31 Oct 2022 — A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de ejecución con un bloqueo mejorado. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42832 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-42832
31 Oct 2022 — A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de ejecución con un bloqueo mejorado. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42815 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-42815
31 Oct 2022 — This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. Este problema se solucionó mejorando la protección de datos. Este problema se solucionó en macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42818 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-42818
31 Oct 2022 — This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. Este problema se solucionó mejorando la protección de datos. Este problema se solucionó en macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42819 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-42819
31 Oct 2022 — An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to read sensitive location information. Se solucionó un problema de acceso mejorando las restricciones de acceso. Este problema se solucionó en macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. • https://support.apple.com/en-us/HT213443 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42820 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-42820
31 Oct 2022 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. Se abordó un problema de corrupción de la memoria con una mejor gestión del estado. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42829 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-42829
31 Oct 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. Se solucionó un problema de use-after-free con una gestión de memoria mejorada. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-42916 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-42916
27 Oct 2022 — In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop ... • http://seclists.org/fulldisclosure/2023/Jan/19 • CWE-319: Cleartext Transmission of Sensitive Information •