CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32896 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-32896
13 Sep 2022 — This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information. macOS Monterey 12.6 addresses buffer overflow, bypass, code execution, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213443 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32864 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-32864
13 Sep 2022 — The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory. Se abordó este problema con la administración de memoria mejorada. Este problema es corregido en macOS Monterey versión 12.6, iOS versión 15.7 y iPadOS versión 15.7, iOS versión 16, macOS Big Sur versión 11.7. • http://seclists.org/fulldisclosure/2022/Oct/28 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32854 – Apple Security Advisory 2022-10-27-9
https://notcve.org/view.php?id=CVE-2022-32854
13 Sep 2022 — This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. Este problema se abordó con comprobaciones mejoradas. Este problema es corregido en iOS versión 15.7 y iPadOS versión 15.7, iOS versión 16, macOS Big Sur versión 11.7. • http://seclists.org/fulldisclosure/2022/Oct/39 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32917 – Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-32917
13 Sep 2022 — The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. Se abordó un problema con comprobaciones de límites mejoradas. • http://seclists.org/fulldisclosure/2022/Oct/39 • CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 21EXPL: 1CVE-2022-35252 – curl: Incorrect handling of control code characters in cookies
https://notcve.org/view.php?id=CVE-2022-35252
02 Sep 2022 — When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando códigos de control que cuando son enviados de vuelta a un servidor HTTP podrían hacer que el servidor devolviera respuestas 400. En efe... • http://seclists.org/fulldisclosure/2023/Jan/20 • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32894 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32894
19 Aug 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • http://seclists.org/fulldisclosure/2022/Aug/16 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0CVE-2022-32893 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32893
19 Aug 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • http://seclists.org/fulldisclosure/2022/Aug/16 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26696 – Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26696
15 Aug 2022 — This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. Se abordó este problema con un saneo del entorno mejorado. Este problema es corregido en macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213257 •
CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 1CVE-2022-22630 – Apple macOS Remote Events Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22630
15 Aug 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within Apple Remote Events. The issue results from the lack o... • https://packetstorm.news/files/id/168247 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 5CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
05 Aug 2022 — zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un cam... • https://github.com/xen0bit/CVE-2022-37434_poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •