CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32894 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32894
19 Aug 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • http://seclists.org/fulldisclosure/2022/Aug/16 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26696 – Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26696
15 Aug 2022 — This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. Se abordó este problema con un saneo del entorno mejorado. Este problema es corregido en macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213257 •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-22630 – Apple macOS Remote Events Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22630
15 Aug 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within Apple Remote Events. The issue results from the lack o... • https://support.apple.com/en-us/HT213183 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 5CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
05 Aug 2022 — zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un cam... • https://github.com/xen0bit/CVE-2022-37434_poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32816 – webkitgtk: malicious content may lead to UI spoofing
https://notcve.org/view.php?id=CVE-2022-32816
22 Jul 2022 — The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. Se abordó este problema con un manejo de la Interfaz de Usuario mejorado. Este problema ha sido corregido en watchOS versión 8.7, tvOS versión 15.6, iOS versión 15.6 y iPadOS versión 15.6, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213340 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32817
https://notcve.org/view.php?id=CVE-2022-32817
22 Jul 2022 — An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. Se abordó un problema de lectura fuera de límites con una comprobación de límites mejorada. Este problema ha sido corregido en watchOS versión 8.7, tvOS versión 15.6, iOS versión 15.6 y iPadOS versión 15.6, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213340 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-32819
https://notcve.org/view.php?id=CVE-2022-32819
22 Jul 2022 — A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema ha sido corregido en iOS versión 15.6 y iPadOS versión 15.6, macOS Big Sur versión 11.6.8, watchOS versión 8.7, tvOS versión 15.6, macOS Monterey versión 12.5, Securit... • https://support.apple.com/en-us/HT213340 •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-32820
https://notcve.org/view.php?id=CVE-2022-32820
22 Jul 2022 — An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. Se abordó un problema de escritura fuera de límites con una comprobación de entrada mejorada. Este problema ha sido corregido en iOS versión 15.6 y iPadOS versión 15.6, macOS Big Sur versión 11.6.8, watchOS versión 8.... • https://support.apple.com/en-us/HT213340 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32821
https://notcve.org/view.php?id=CVE-2022-32821
22 Jul 2022 — A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema ha sido corregido en watchOS versión 8.7, tvOS versión 15.6, iOS versión 15.6 y iPadOS versión 15.6, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213340 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 19EXPL: 0CVE-2022-32781
https://notcve.org/view.php?id=CVE-2022-32781
22 Jul 2022 — This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information. Se abordó este problema al habilitar el tiempo de ejecución reforzado. Este problema ha sido corregido en macOS Monterey versión 12.4, iOS versión 15.5 y iPadOS versión 15.5, Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8. • https://support.apple.com/en-us/HT213257 •