CVE-2022-42808
https://notcve.org/view.php?id=CVE-2022-42808
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. Se solucionó un problema de escritura fuera de los límites mejorando la verificación de los límites. Este problema se solucionó en tvOS 16.1, iOS 16.1 y iPadOS 16, macOS Ventura 13, watchOS 9.1. • https://support.apple.com/en-us/HT213488 https://support.apple.com/en-us/HT213489 https://support.apple.com/en-us/HT213491 https://support.apple.com/en-us/HT213492 • CWE-787: Out-of-bounds Write •
CVE-2022-32938
https://notcve.org/view.php?id=CVE-2022-32938
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system. Se solucionó un problema de análisis en el manejo de rutas de directorio con una validación de ruta mejorada. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 https://support.apple.com/en-us/HT213489 •
CVE-2022-42806
https://notcve.org/view.php?id=CVE-2022-42806
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de ejecución con un bloqueo mejorado. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 https://support.apple.com/en-us/HT213489 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-32940
https://notcve.org/view.php?id=CVE-2022-32940
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en tvOS 16.1, iOS 16.1 y iPadOS 16, macOS Ventura 13, watchOS 9.1. • https://support.apple.com/en-us/HT213488 https://support.apple.com/en-us/HT213489 https://support.apple.com/en-us/HT213491 https://support.apple.com/en-us/HT213492 •
CVE-2022-42824 – webkitgtk: sensitive information disclosure issue
https://notcve.org/view.php?id=CVE-2022-42824
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. Se abordó un problema lógico con una mejor gestión del estado. Este problema se solucionó en tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 y iPadOS 16. • http://www.openwall.com/lists/oss-security/2022/11/04/4 https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ https://security.gentoo.org/glsa/202 •