Page 45 of 1421 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-46695

https://notcve.org/view.php?id=CVE-2022-46695

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing. Existía un problema de suplantación de identidad en el manejo de las URL. • http://seclists.org/fulldisclosure/2022/Dec/20 http://seclists.org/fulldisclosure/2022/Dec/21 http://seclists.org/fulldisclosure/2022/Dec/23 http://seclists.org/fulldisclosure/2022/Dec/26 http://seclists.org/fulldisclosure/2022/Dec/27 https://support.apple.com/en-us/HT213530 https://support.apple.com/en-us/HT213531 https://support.apple.com/en-us/HT213532 https://support.apple.com/en-us/HT213535 https://support.apple.com/en-us/HT213536 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles

https://notcve.org/view.php?id=CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. • http://seclists.org/fulldisclosure/2022/Dec/21 http://seclists.org/fulldisclosure/2022/Dec/24 http://seclists.org/fulldisclosure/2022/Dec/25 http://seclists.org/fulldisclosure/2022/Dec/26 http://seclists.org/fulldisclosure/2022/Dec/27 https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b https://gitlab.gnome.org/GNOME/libxml2/-/tags https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3 https://security.netapp.com/advisory/ntap-20221209-0003 • CWE-415: Double Free •

CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0

CVE-2022-40303 – libxml2: integer overflows with XML_PARSE_HUGE

https://notcve.org/view.php?id=CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. Se descubrió un problema en libxml2 antes de la versión 2.10.3. Al analizar un documento XML de varios gigabytes con la opción de analizador XML_PARSE_HUGE habilitada, varios contadores de enteros pueden desbordarse. • http://seclists.org/fulldisclosure/2022/Dec/21 http://seclists.org/fulldisclosure/2022/Dec/24 http://seclists.org/fulldisclosure/2022/Dec/25 http://seclists.org/fulldisclosure/2022/Dec/26 http://seclists.org/fulldisclosure/2022/Dec/27 https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3 https://security.netapp.com/advisory/ntap-20221209-0003 https://support.apple.com/kb/HT213531 https:/ • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-32925

https://notcve.org/view.php?id=CVE-2022-32925

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. Se solucionó un problema de escritura fuera de los límites mejorando la verificación de los límites. Este problema se solucionó en tvOS 16, iOS 16, watchOS 9. • https://support.apple.com/en-us/HT213446 https://support.apple.com/en-us/HT213486 https://support.apple.com/en-us/HT213487 • CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-32928

https://notcve.org/view.php?id=CVE-2022-32928

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials. Se abordó un problema de lógica con restricciones mejoradas. Este problema se solucionó en iOS 16, macOS Ventura 13, watchOS 9. • https://support.apple.com/en-us/HT213446 https://support.apple.com/en-us/HT213486 https://support.apple.com/en-us/HT213488 •