CVSS: 8.2EPSS: 0%CPEs: 71EXPL: 2CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 http://www.openwall.com/lists/oss-security/2022/03/25/2 http://www.openwall.com/lists/oss-security/2022/03/26/1 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 https://github.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2022-22665
https://notcve.org/view.php?id=CVE-2022-22665
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. Se abordó un problema de lógica con una comprobación mejorada. Este problema es corregido en macOS Monterey versión 12.3. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 https://support.apple.com/en-us/HT213183 https://support.apple.com/kb/HT213184 https://support.apple.com/kb/HT213185 https://support.apple.com/kb/HT213255 https://support.apple.com/kb/HT213256 •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22656
https://notcve.org/view.php?id=CVE-2022-22656
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. Se abordó un problema de autenticación con una administración de estados mejorada. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3 y Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-22638
https://notcve.org/view.php?id=CVE-2022-22638
A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. Se abordó una desreferencia de puntero null con una comprobación mejorada. Este problema es corregido en tvOS versión 15.4, iOS versión 15.4 y iPadOS versión 15.4, macOS Big Sur versión 11.6.5, Security Update 2022-003 Catalina, watchOS versión 8.5, macOS Monterey versión 12.3. • https://support.apple.com/en-us/HT213182 https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 https://support.apple.com/en-us/HT213186 https://support.apple.com/en-us/HT213193 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2022-22625 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-22625
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.6.5, macOS Monterey versión 12.3 y Security Update 2022-003 Catalina. • https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 • CWE-125: Out-of-bounds Read •