CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-26697 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26697
17 May 2022 — An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Se abordó un problema de lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4, macOS Big Sur ver... • https://support.apple.com/en-us/HT213255 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-26698 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26698
17 May 2022 — An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Se abordó un problema de lectura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4 y macOS Big Sur ver... • https://support.apple.com/en-us/HT213255 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-26700 – webkitgtk: Memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-26700
17 May 2022 — A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. Se abordó un problema de corrupción de memoria con una administración de estados mejorada. Este problema ha sido corregido en tvOS versión 15.5, watchOS versión 8.6, iOS versión 15.5 y iPadOS versión 15.5, macOS Monterey versión 12.4, Safari versión 15.5. • https://support.apple.com/en-us/HT213253 • CWE-787: Out-of-bounds Write CWE-1173: Improper Use of Validation Framework •
CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26701 – Apple Security Advisory 2022-05-16-1
https://notcve.org/view.php?id=CVE-2022-26701
17 May 2022 — A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. Se abordó una condición de carrera con un bloqueo mejorado. Este problema es corregido en tvOS versión 15.5, macOS Monterey versión 12.4, iOS versión 15.5 y iPadOS versión 15.5. • https://support.apple.com/en-us/HT213254 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-26704 – Apple Security Advisory 2022-05-16-2
https://notcve.org/view.php?id=CVE-2022-26704
17 May 2022 — A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. Se presentaba un problema de comprobación en el manejo de los enlaces simbólicos y se abordó con una comprobación de los enlaces simbólicos mejorada. Este problema es corregido en macOS Monterey versión 12.4. • http://seclists.org/fulldisclosure/2022/Jul/13 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26708 – Apple Security Advisory 2022-05-16-2
https://notcve.org/view.php?id=CVE-2022-26708
17 May 2022 — This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. Este problema se abordó con comprobaciones mejoradas. Este problema es corregido en macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213257 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-26709 – webkitgtk: Use-after-free leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-26709
17 May 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de uso después de la liberación con una gestión de memoria mejorada. Este problema se solucionó en tvOS 15.5, iOS 15.5 y iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. • https://support.apple.com/en-us/HT213253 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26710 – webkitgtk: Use-after-free leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-26710
17 May 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de uso después de la liberación con una gestión de memoria mejorada. Este problema se solucionó en iOS 15.5 y iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. • https://support.apple.com/en-us/HT213253 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2022-26711 – Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26711
17 May 2022 — An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un problema de desbordamiento de enteros con una comprobación de entradas mejorada. Este problema es corregido en tvOS versión 15.5, iTunes versión 12.12.4 para Windows, iOS versión 15.5 y iPadOS versión 1... • https://support.apple.com/en-us/HT213253 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26712 – Apple Security Advisory 2022-05-16-2
https://notcve.org/view.php?id=CVE-2022-26712
17 May 2022 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system. Este problema se abordó eliminando el código vulnerable. Este problema es corregido en macOS Monterey versión 12.4, macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213256 •