CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2022-22627 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-22627
15 Mar 2022 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3 y Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-22631 – Apple Security Advisory 2022-03-14-4
https://notcve.org/view.php?id=CVE-2022-22631
15 Mar 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3 y Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-22638 – Apple Security Advisory 2022-03-14-4
https://notcve.org/view.php?id=CVE-2022-22638
15 Mar 2022 — A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. Se abordó una desreferencia de puntero null con una comprobación mejorada. Este problema es corregido en tvOS versión 15.4, iOS versión 15.4 y iPadOS versión 15.4, macOS Big Sur versión 11.6.5, Security Upd... • https://support.apple.com/en-us/HT213182 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22648 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-22648
15 Mar 2022 — This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory. Este problema se abordó con comprobaciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3 y Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22650 – Apple Security Advisory 2022-03-14-4
https://notcve.org/view.php?id=CVE-2022-22650
15 Mar 2022 — This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data. Este problema se abordó con comprobaciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3 y Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 • CWE-281: Improper Preservation of Permissions •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22656 – Apple Security Advisory 2022-03-14-4
https://notcve.org/view.php?id=CVE-2022-22656
15 Mar 2022 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. Se abordó un problema de autenticación con una administración de estados mejorada. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3 y Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22661 – Apple Security Advisory 2022-03-14-4
https://notcve.org/view.php?id=CVE-2022-22661
15 Mar 2022 — A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de confusión de tipo con una administración de estados mejorada. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3, Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2022-22665 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-22665
15 Mar 2022 — A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. Se abordó un problema de lógica con una comprobación mejorada. Este problema es corregido en macOS Monterey versión 12.3. • http://seclists.org/fulldisclosure/2022/May/33 •
CVSS: 9.1EPSS: 31%CPEs: 24EXPL: 0CVE-2022-22721 – core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
https://notcve.org/view.php?id=CVE-2022-22721
14 Mar 2022 — If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Si LimitXMLRequestBody está configurado para permitir cuerpos de petición de más de 350 MB (por defecto 1M) en sistemas de 32 bits, es producido un desbordamiento de enteros que causa posteriormente escrituras fuera de límites. Este problema afecta a Apache HTTP Server 2.4.52 y... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
26 Feb 2022 — valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. Red Hat JBoss Core Services is a set of supplementary s... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-416: Use After Free •