CVE-2022-32938
https://notcve.org/view.php?id=CVE-2022-32938
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system. Se solucionó un problema de análisis en el manejo de rutas de directorio con una validación de ruta mejorada. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 https://support.apple.com/en-us/HT213489 •
CVE-2022-42806
https://notcve.org/view.php?id=CVE-2022-42806
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de ejecución con un bloqueo mejorado. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 https://support.apple.com/en-us/HT213489 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-32940
https://notcve.org/view.php?id=CVE-2022-32940
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en tvOS 16.1, iOS 16.1 y iPadOS 16, macOS Ventura 13, watchOS 9.1. • https://support.apple.com/en-us/HT213488 https://support.apple.com/en-us/HT213489 https://support.apple.com/en-us/HT213491 https://support.apple.com/en-us/HT213492 •
CVE-2022-42824 – webkitgtk: sensitive information disclosure issue
https://notcve.org/view.php?id=CVE-2022-42824
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. Se abordó un problema lógico con una mejor gestión del estado. Este problema se solucionó en tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 y iPadOS 16. • http://www.openwall.com/lists/oss-security/2022/11/04/4 https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ https://security.gentoo.org/glsa/202 •
CVE-2022-42799 – webkitgtk: issue was addressed with improved UI handling
https://notcve.org/view.php?id=CVE-2022-42799
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. El problema se solucionó mejorando el manejo de la interfaz de usuario. Este problema se solucionó en tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 y iPadOS 16. • http://www.openwall.com/lists/oss-security/2022/11/04/4 https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ https://security.gentoo.org/glsa/202 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •