CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32946 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-32946
31 Oct 2022 — This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. Este problema se abordó con derechos mejorados. Este problema se solucionó en iOS 16.1 y iPadOS 16. • https://support.apple.com/en-us/HT213489 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32827 – AppleAVD deallocateKernelMemoryInternal Missing Surface Lock
https://notcve.org/view.php?id=CVE-2022-32827
31 Oct 2022 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. Se abordó un problema de corrupción de la memoria con una gestión estatal mejorada. Este problema se solucionó en iOS 16, macOS Ventura 13. • https://packetstorm.news/files/id/169929 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32926 – Apple Security Advisory 2022-10-27-1
https://notcve.org/view.php?id=CVE-2022-32926
31 Oct 2022 — The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en tvOS 16.1, iOS 15.7.1 y iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 y iPadOS 16. • https://support.apple.com/en-us/HT213488 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42827 – Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-42827
31 Oct 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. Se solucionó un problema de escritura fuera de los límites mejorando la verificación de los límites. • https://support.apple.com/en-us/HT213489 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32941 – Apple Security Advisory 2022-10-27-8
https://notcve.org/view.php?id=CVE-2022-32941
31 Oct 2022 — The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en iOS 15.7.1 y iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 y iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. • https://support.apple.com/en-us/HT213488 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22658 – Apple Security Advisory 2022-10-10-1
https://notcve.org/view.php?id=CVE-2022-22658
14 Oct 2022 — An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. Se solucionó un problema de validación de entradas mejorando la validación de entradas. Este problema se solucionó en iOS 16.0.3. • https://support.apple.com/en-us/HT213480 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-32883 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-32883
13 Sep 2022 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information. Se abordó un problema de lógica con restricciones mejoradas. Este problema es corregido en macOS Monterey versión 12.6, iOS versión 15.7 y iPadOS versión 15.7, iOS versión 16, macOS Big Sur versión 11.7. • https://github.com/breakpointHQ/CVE-2022-32883 •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32891 – webkitgtk: UI spoofing while Visiting a website that frames malicious content
https://notcve.org/view.php?id=CVE-2022-32891
13 Sep 2022 — The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing. • https://security.gentoo.org/glsa/202305-32 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 5CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
05 Aug 2022 — zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un cam... • https://github.com/xen0bit/CVE-2022-37434_poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-1622 – Debian Security Advisory 5333-1
https://notcve.org/view.php?id=CVE-2022-1622
11 May 2022 — LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:619, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la ... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read •