Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2022-1057
Vulnerability from csaf_certbund
Published
2022-05-16 22:00
Modified
2023-06-21 22:00
Summary
Apple macOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren.
Betroffene Betriebssysteme
- MacOS X
{ "document": { "aggregate_severity": { "text": "kritisch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren.", "title": "Angriff" }, { "category": "general", "text": "- MacOS X", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1057 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1057.json" }, { "category": "self", "summary": "WID-SEC-2022-1057 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1057" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-05-16", "url": "https://support.apple.com/en-us/HT213255" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-05-16", "url": "https://support.apple.com/en-us/HT213256" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-05-16", "url": "https://support.apple.com/en-us/HT213257" }, { "category": "external", "summary": "PoC CVE-2022-26726", "url": "https://github.com/acheong08/CVE-2022-26726-POC" }, { "category": "external", "summary": "CISA: Apple Releases Security Updates", "url": "https://www.cisa.gov/uscert/ncas/current-activity/2022/04/01/apple-releases-security-updates-0" }, { "category": "external", "summary": "Debian Security Advisory DLA-3118 vom 2022-09-22", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html" }, { "category": "external", "summary": "Wojciech Regula blogpost vom 2022-11-21", "url": "https://wojciechregula.blog/post/macos-sandbox-escape-via-terminal/" } ], "source_lang": "en-US", "title": "Apple macOS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-21T22:00:00.000+00:00", "generator": { "date": "2024-02-15T16:55:42.487+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1057", "initial_release_date": "2022-05-16T22:00:00.000+00:00", "revision_history": [ { "date": "2022-05-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-08-16T22:00:00.000+00:00", "number": "2", "summary": "CVE erg\u00e4nzt" }, { "date": "2022-09-20T22:00:00.000+00:00", "number": "3", "summary": "CVE Nummern CVE-2022-32790 und CVE-2022-32882 erg\u00e4nzt" }, { "date": "2022-09-22T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-09-25T22:00:00.000+00:00", "number": "5", "summary": "Korrektur bzgl. fehlerhaft eingetragenem Debian Update" }, { "date": "2022-11-21T23:00:00.000+00:00", "number": "6", "summary": "Exploit aufgenommen" }, { "date": "2023-06-21T22:00:00.000+00:00", "number": "7", "summary": "CVE-2022-32794 erg\u00e4nzt" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Apple macOS Catalina \u003c 2022-004", "product": { "name": "Apple macOS Catalina \u003c 2022-004", "product_id": "T023230", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:catalina__2022-004" } } }, { "category": "product_name", "name": "Apple macOS Big Sur \u003c 11.6.6", "product": { "name": "Apple macOS Big Sur \u003c 11.6.6", "product_id": "T023231", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:big_sur__11.6.6" } } }, { "category": "product_name", "name": "Apple macOS Monterey \u003c 12.4", "product": { "name": "Apple macOS Monterey \u003c 12.4", "product_id": "T023232", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:monterey__12.4" } } } ], "category": "product_name", "name": "macOS" } ], "category": "vendor", "name": "Apple" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-32882", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-32882" }, { "cve": "CVE-2022-32794", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-32794" }, { "cve": "CVE-2022-32790", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-32790" }, { "cve": "CVE-2022-26776", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26776" }, { "cve": "CVE-2022-26775", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26775" }, { "cve": "CVE-2022-26772", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26772" }, { "cve": "CVE-2022-26770", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26770" }, { "cve": "CVE-2022-26769", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26769" }, { "cve": "CVE-2022-26768", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26768" }, { "cve": "CVE-2022-26767", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26767" }, { "cve": "CVE-2022-26766", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26766" }, { "cve": "CVE-2022-26765", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26765" }, { "cve": "CVE-2022-26764", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26764" }, { "cve": "CVE-2022-26763", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26763" }, { "cve": "CVE-2022-26762", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26762" }, { "cve": "CVE-2022-26761", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26761" }, { "cve": "CVE-2022-26757", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26757" }, { "cve": "CVE-2022-26756", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26756" }, { "cve": "CVE-2022-26755", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26755" }, { "cve": "CVE-2022-26754", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26754" }, { "cve": "CVE-2022-26753", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26753" }, { "cve": "CVE-2022-26752", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26752" }, { "cve": "CVE-2022-26751", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26751" }, { "cve": "CVE-2022-26750", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26750" }, { "cve": "CVE-2022-26749", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26749" }, { "cve": "CVE-2022-26748", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26748" }, { "cve": "CVE-2022-26746", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26746" }, { "cve": "CVE-2022-26745", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26745" }, { "cve": "CVE-2022-26743", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26743" }, { "cve": "CVE-2022-26742", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26742" }, { "cve": "CVE-2022-26741", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26741" }, { "cve": "CVE-2022-26740", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26740" }, { "cve": "CVE-2022-26739", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26739" }, { "cve": "CVE-2022-26738", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26738" }, { "cve": "CVE-2022-26737", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26737" }, { "cve": "CVE-2022-26736", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26736" }, { "cve": "CVE-2022-26731", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26731" }, { "cve": "CVE-2022-26728", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26728" }, { "cve": "CVE-2022-26727", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26727" }, { "cve": "CVE-2022-26726", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26726" }, { "cve": "CVE-2022-26725", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26725" }, { "cve": "CVE-2022-26723", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26723" }, { "cve": "CVE-2022-26722", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26722" }, { "cve": "CVE-2022-26721", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26721" }, { "cve": "CVE-2022-26720", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26720" }, { "cve": "CVE-2022-26719", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26719" }, { "cve": "CVE-2022-26718", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26718" }, { "cve": "CVE-2022-26717", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26717" }, { "cve": "CVE-2022-26716", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26716" }, { "cve": "CVE-2022-26715", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26715" }, { "cve": "CVE-2022-26714", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26714" }, { "cve": "CVE-2022-26712", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26712" }, { "cve": "CVE-2022-26711", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26711" }, { "cve": "CVE-2022-26710", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26710" }, { "cve": "CVE-2022-26709", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26709" }, { "cve": "CVE-2022-26708", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26708" }, { "cve": "CVE-2022-26706", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26706" }, { "cve": "CVE-2022-26704", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26704" }, { "cve": "CVE-2022-26701", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26701" }, { "cve": "CVE-2022-26700", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26700" }, { "cve": "CVE-2022-26698", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26698" }, { "cve": "CVE-2022-26697", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26697" }, { "cve": "CVE-2022-26696", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26696" }, { "cve": "CVE-2022-26694", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26694" }, { "cve": "CVE-2022-26693", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-26693" }, { "cve": "CVE-2022-23308", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-23308" }, { "cve": "CVE-2022-22721", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22721" }, { "cve": "CVE-2022-22720", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22720" }, { "cve": "CVE-2022-22719", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22719" }, { "cve": "CVE-2022-22677", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22677" }, { "cve": "CVE-2022-22675", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22675" }, { "cve": "CVE-2022-22674", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22674" }, { "cve": "CVE-2022-22665", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22665" }, { "cve": "CVE-2022-22663", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22663" }, { "cve": "CVE-2022-22589", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-22589" }, { "cve": "CVE-2022-0778", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-0778" }, { "cve": "CVE-2022-0530", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-0530" }, { "cve": "CVE-2022-0128", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2022-0128" }, { "cve": "CVE-2021-46059", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-46059" }, { "cve": "CVE-2021-45444", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-45444" }, { "cve": "CVE-2021-44790", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-44790" }, { "cve": "CVE-2021-44224", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-44224" }, { "cve": "CVE-2021-4193", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-4193" }, { "cve": "CVE-2021-4192", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-4192" }, { "cve": "CVE-2021-4187", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-4187" }, { "cve": "CVE-2021-4173", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-4173" }, { "cve": "CVE-2021-4166", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-4166" }, { "cve": "CVE-2021-4136", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2021-4136" }, { "cve": "CVE-2018-25032", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "release_date": "2022-05-16T22:00:00Z", "title": "CVE-2018-25032" } ] }
cve-2022-26728
Vulnerability from cvelistv5
Published
2022-05-26 18:58
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to access restricted files", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:58:23", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to access restricted files" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26728", "datePublished": "2022-05-26T18:58:23", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26716
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213258" }, { "url": "https://support.apple.com/en-us/HT213253" }, { "url": "https://support.apple.com/en-us/HT213254" }, { "url": "https://support.apple.com/en-us/HT213257" }, { "url": "https://support.apple.com/en-us/HT213260" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26716", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26720
Vulnerability from cvelistv5
Published
2022-05-26 18:51
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:51:47", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26720", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26720", "datePublished": "2022-05-26T18:51:47", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4187
Vulnerability from cvelistv5
Published
2021-12-29 17:10
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
vim is vulnerable to Use After Free
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "8.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "vim is vulnerable to Use After Free" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-21T05:06:36", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "source": { "advisory": "a8bee03a-6e2e-43bf-bee3-4968c5386a2e", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4187", "STATE": "PUBLIC", "TITLE": "Use After Free in vim/vim" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "vim/vim", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.2" } ] } } ] }, "vendor_name": "vim" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "vim is vulnerable to Use After Free" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416 Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e" }, { "name": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441" }, { "name": "FEDORA-2022-a3d70b50f0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "https://support.apple.com/kb/HT213183", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "https://support.apple.com/kb/HT213343", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-32" } ] }, "source": { "advisory": "a8bee03a-6e2e-43bf-bee3-4968c5386a2e", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4187", "datePublished": "2021-12-29T17:10:09", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2024-08-03T17:16:04.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26748
Vulnerability from cvelistv5
Published
2022-05-26 19:10
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.794Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:10:15", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26748", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26748", "datePublished": "2022-05-26T19:10:15", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.794Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26708
Vulnerability from cvelistv5
Published
2022-05-26 18:46
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/kb/HT213253 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213258 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213254 | x_refsource_CONFIRM | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213253" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213258" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker may be able to cause unexpected application termination or arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-22T13:06:17", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213253" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213258" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An attacker may be able to cause unexpected application termination or arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/kb/HT213253", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213253" }, { "name": "https://support.apple.com/kb/HT213258", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213258" }, { "name": "https://support.apple.com/kb/HT213254", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26708", "datePublished": "2022-05-26T18:46:04", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26761
Vulnerability from cvelistv5
Published
2022-05-26 19:18
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Apple | Security Update - Catalina |
Version: unspecified < 2022 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:18:52", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26761", "datePublished": "2022-05-26T19:18:52", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32794
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 07:54
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:54:02.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to gain elevated privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213255" }, { "url": "https://support.apple.com/en-us/HT213256" }, { "url": "https://support.apple.com/en-us/HT213257" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-32794", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:54:02.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26776
Vulnerability from cvelistv5
Published
2022-05-26 19:30
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/kb/HT213253 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213258 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213254 | x_refsource_CONFIRM | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213253" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213258" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker may be able to cause unexpected application termination or arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-22T13:06:19", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213253" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213258" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An attacker may be able to cause unexpected application termination or arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/kb/HT213253", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213253" }, { "name": "https://support.apple.com/kb/HT213258", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213258" }, { "name": "https://support.apple.com/kb/HT213254", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213254" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26776", "datePublished": "2022-05-26T19:30:18", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26749
Vulnerability from cvelistv5
Published
2022-05-26 19:11
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:11:11", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26749", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26749", "datePublished": "2022-05-26T19:11:11", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26696
Vulnerability from cvelistv5
Published
2022-09-20 20:19
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions." } ], "problemTypes": [ { "descriptions": [ { "description": "A sandboxed process may be able to circumvent sandbox restrictions", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-20T20:19:08", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26696", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A sandboxed process may be able to circumvent sandbox restrictions" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26696", "datePublished": "2022-09-20T20:19:08", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26726
Vulnerability from cvelistv5
Published
2022-05-26 18:56
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user\u0027s screen." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to capture a user\u0027s screen", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:56:49", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26726", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user\u0027s screen." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An app may be able to capture a user\u0027s screen" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26726", "datePublished": "2022-05-26T18:56:49", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22720
Vulnerability from cvelistv5
Published
2022-03-14 10:15
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: Apache HTTP Server 2.4 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:48.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/3" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.52", "status": "affected", "version": "Apache HTTP Server 2.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "James Kettle \u003cjames.kettle portswigger.net\u003e" } ], "descriptions": [ { "lang": "en", "value": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling" } ], "metrics": [ { "other": { "content": { "other": "important" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T01:07:14", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/3" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-20" } ], "source": { "discovery": "UNKNOWN" }, "title": "HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-22720", "STATE": "PUBLIC", "TITLE": "HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "Apache HTTP Server 2.4", "version_value": "2.4.52" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "James Kettle \u003cjames.kettle portswigger.net\u003e" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "important" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/03/14/3" }, { "name": "FEDORA-2022-b4103753e9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220321-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://support.apple.com/kb/HT213257", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213257" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213255" }, { "name": "GLSA-202208-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-20" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-22720", "datePublished": "2022-03-14T10:15:29", "dateReserved": "2022-01-06T00:00:00", "dateUpdated": "2024-08-03T03:21:48.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22719
Vulnerability from cvelistv5
Published
2022-03-14 10:15
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: Apache HTTP Server 2.4 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:49.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/4" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.52", "status": "affected", "version": "Apache HTTP Server 2.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Chamal De Silva" } ], "descriptions": [ { "lang": "en", "value": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier." } ], "metrics": [ { "other": { "content": { "other": "moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T01:07:27", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/4" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-20" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-18T00:00:00", "value": "Reported to security team" } ], "title": "mod_lua Use of uninitialized value of in r:parsebody", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-22719", "STATE": "PUBLIC", "TITLE": "mod_lua Use of uninitialized value of in r:parsebody" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "Apache HTTP Server 2.4", "version_value": "2.4.52" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Chamal De Silva" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-665 Improper Initialization" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/03/14/4" }, { "name": "FEDORA-2022-b4103753e9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220321-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "name": "https://support.apple.com/kb/HT213257", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213257" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "GLSA-202208-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-20" } ] }, "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-18T00:00:00", "value": "Reported to security team" } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-22719", "datePublished": "2022-03-14T10:15:16", "dateReserved": "2022-01-06T00:00:00", "dateUpdated": "2024-08-03T03:21:49.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26701
Vulnerability from cvelistv5
Published
2022-05-26 18:40
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:40:52", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26701", "datePublished": "2022-05-26T18:40:52", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26694
Vulnerability from cvelistv5
Published
2022-05-26 18:37
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application\u0027s permissions and access user data." } ], "problemTypes": [ { "descriptions": [ { "description": "A plug-in may be able to inherit the application\u0027s permissions and access user data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:37:54", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26694", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application\u0027s permissions and access user data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A plug-in may be able to inherit the application\u0027s permissions and access user data" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26694", "datePublished": "2022-05-26T18:37:54", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26698
Vulnerability from cvelistv5
Published
2022-05-26 18:40
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:40:02", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26698", "datePublished": "2022-05-26T18:40:02", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26769
Vulnerability from cvelistv5
Published
2022-05-26 19:24
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:45.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:24:37", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26769", "datePublished": "2022-05-26T19:24:37", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:45.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26712
Vulnerability from cvelistv5
Published
2022-05-26 18:48
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to modify protected parts of the file system", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:48:02", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26712", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to modify protected parts of the file system" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26712", "datePublished": "2022-05-26T18:48:02", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26737
Vulnerability from cvelistv5
Published
2022-05-26 19:01
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:01:05", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26737", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26737", "datePublished": "2022-05-26T19:01:05", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45444
Vulnerability from cvelistv5
Published
2022-02-13 05:32
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:39:20.752Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://zsh.sourceforge.io/releases.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuln.ryotak.me/advisories/63" }, { "name": "FEDORA-2022-adf0c6d196", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/" }, { "name": "DSA-5078", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5078" }, { "name": "[debian-lts-announce] 20220218 [SECURITY] [DLA 2926-1] zsh security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html" }, { "name": "FEDORA-2022-0a06987c3c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-17T06:08:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://zsh.sourceforge.io/releases.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuln.ryotak.me/advisories/63" }, { "name": "FEDORA-2022-adf0c6d196", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/" }, { "name": "DSA-5078", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5078" }, { "name": "[debian-lts-announce] 20220218 [SECURITY] [DLA 2926-1] zsh security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html" }, { "name": "FEDORA-2022-0a06987c3c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://zsh.sourceforge.io/releases.html", "refsource": "MISC", "url": "https://zsh.sourceforge.io/releases.html" }, { "name": "https://vuln.ryotak.me/advisories/63", "refsource": "MISC", "url": "https://vuln.ryotak.me/advisories/63" }, { "name": "FEDORA-2022-adf0c6d196", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/" }, { "name": "DSA-5078", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5078" }, { "name": "[debian-lts-announce] 20220218 [SECURITY] [DLA 2926-1] zsh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html" }, { "name": "FEDORA-2022-0a06987c3c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/" }, { "name": "https://support.apple.com/kb/HT213257", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213257" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/38" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45444", "datePublished": "2022-02-13T05:32:21", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-08-04T04:39:20.752Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26743
Vulnerability from cvelistv5
Published
2022-05-26 19:05
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:05:51", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26743", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26743", "datePublished": "2022-05-26T19:05:51", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-25032
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:26:39.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" }, { "name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" }, { "name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" }, { "name": "DSA-5111", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5111" }, { "name": "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" }, { "name": "FEDORA-2022-413a80a102", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" }, { "name": "FEDORA-2022-dbd2935e44", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" }, { "name": "FEDORA-2022-12b89e2aad", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" }, { "name": "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "FEDORA-2022-61cf1c64f6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/issues/605" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-3a92250fd5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/" }, { "name": "FEDORA-2022-b58a85e167", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/" }, { "name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html" }, { "name": "GLSA-202210-42", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-42" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" }, { "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" }, { "name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" }, { "name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" }, { "name": "DSA-5111", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5111" }, { "name": "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" }, { "name": "FEDORA-2022-413a80a102", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" }, { "name": "FEDORA-2022-dbd2935e44", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" }, { "name": "FEDORA-2022-12b89e2aad", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" }, { "name": "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "FEDORA-2022-61cf1c64f6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" }, { "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" }, { "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" }, { "url": "https://github.com/madler/zlib/issues/605" }, { "url": "https://support.apple.com/kb/HT213257" }, { "url": "https://support.apple.com/kb/HT213256" }, { "url": "https://support.apple.com/kb/HT213255" }, { "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-3a92250fd5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/" }, { "name": "FEDORA-2022-b58a85e167", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/" }, { "name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html" }, { "name": "GLSA-202210-42", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-42" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-25032", "datePublished": "2022-03-25T00:00:00", "dateReserved": "2022-03-25T00:00:00", "dateUpdated": "2024-08-05T12:26:39.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26768
Vulnerability from cvelistv5
Published
2022-05-26 19:23
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC | |
https://support.apple.com/kb/HT213346 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/Jul/12 | mailing-list, x_refsource_FULLDISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213346" }, { "name": "20220721 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T05:06:58", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213346" }, { "name": "20220721 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/12" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" }, { "name": "https://support.apple.com/kb/HT213346", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213346" }, { "name": "20220721 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/12" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26768", "datePublished": "2022-05-26T19:23:54", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26764
Vulnerability from cvelistv5
Published
2022-05-26 19:20
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:20:23", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26764", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26764", "datePublished": "2022-05-26T19:20:23", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26754
Vulnerability from cvelistv5
Published
2022-05-26 19:15
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:15:43", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26754", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26754", "datePublished": "2022-05-26T19:15:43", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26719
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.097Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213258" }, { "url": "https://support.apple.com/en-us/HT213253" }, { "url": "https://support.apple.com/en-us/HT213254" }, { "url": "https://support.apple.com/en-us/HT213257" }, { "url": "https://support.apple.com/en-us/HT213260" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26719", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.097Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26765
Vulnerability from cvelistv5
Published
2022-05-26 19:21
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:21:18", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26765", "datePublished": "2022-05-26T19:21:18", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4193
Vulnerability from cvelistv5
Published
2021-12-31 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
vim is vulnerable to Out-of-bounds Read
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-32" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "8.2.3901", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "vim is vulnerable to Out-of-bounds Read" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-08T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0" }, { "url": "https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html" }, { "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-32" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" } ], "source": { "advisory": "92c1940d-8154-473f-84ce-0de43b0c2eb0", "discovery": "EXTERNAL" }, "title": "Out-of-bounds Read in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4193", "datePublished": "2021-12-31T00:00:00", "dateReserved": "2021-12-30T00:00:00", "dateUpdated": "2024-08-03T17:16:04.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26741
Vulnerability from cvelistv5
Published
2022-05-26 19:04
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.447Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:04:22", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26741", "datePublished": "2022-05-26T19:04:22", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.447Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26762
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with system privileges.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with system privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to execute arbitrary code with system privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213258" }, { "url": "https://support.apple.com/en-us/HT213257" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26762", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26722
Vulnerability from cvelistv5
Published
2022-05-26 18:53
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to gain root privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:53:34", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26722", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to gain root privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26722", "datePublished": "2022-05-26T18:53:35", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26767
Vulnerability from cvelistv5
Published
2022-05-26 19:22
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to bypass Privacy preferences", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:22:54", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26767", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to bypass Privacy preferences" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26767", "datePublished": "2022-05-26T19:22:54", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26742
Vulnerability from cvelistv5
Published
2022-05-26 19:05
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.061Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:05:05", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26742", "datePublished": "2022-05-26T19:05:05", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32790
Vulnerability from cvelistv5
Published
2022-09-23 18:59
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service." } ], "problemTypes": [ { "descriptions": [ { "description": "A remote user may be able to cause a denial-of-service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-23T18:59:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-32790", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A remote user may be able to cause a denial-of-service" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-32790", "datePublished": "2022-09-23T18:59:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26709
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213258" }, { "url": "https://support.apple.com/en-us/HT213253" }, { "url": "https://support.apple.com/en-us/HT213254" }, { "url": "https://support.apple.com/en-us/HT213257" }, { "url": "https://support.apple.com/en-us/HT213260" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26709", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26750
Vulnerability from cvelistv5
Published
2022-05-26 19:12
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:12:04", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26750", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26750", "datePublished": "2022-05-26T19:12:04", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22674
Vulnerability from cvelistv5
Published
2022-05-26 17:43
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213220 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:48.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213220" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory." } ], "problemTypes": [ { "descriptions": [ { "description": "A local user may be able to read kernel memory", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T17:43:37", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213220" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22674", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.3" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A local user may be able to read kernel memory" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213220", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213220" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-22674", "datePublished": "2022-05-26T17:43:37", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-03T03:21:48.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0128
Vulnerability from cvelistv5
Published
2022-01-06 16:45
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
vim is vulnerable to Out-of-bounds Read
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba | x_refsource_CONFIRM | |
https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/01/15/1 | mailing-list, x_refsource_MLIST | |
https://support.apple.com/kb/HT213183 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/Mar/29 | mailing-list, x_refsource_FULLDISC | |
https://support.apple.com/kb/HT213256 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/May/35 | mailing-list, x_refsource_FULLDISC | |
https://support.apple.com/kb/HT213343 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/Jul/14 | mailing-list, x_refsource_FULLDISC | |
https://security.gentoo.org/glsa/202208-32 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:18:41.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "8.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "vim is vulnerable to Out-of-bounds Read" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-21T05:07:43", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "source": { "advisory": "63f51299-008a-4112-b85b-1e904aadd4ba", "discovery": "EXTERNAL" }, "title": "Out-of-bounds Read in vim/vim", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0128", "STATE": "PUBLIC", "TITLE": "Out-of-bounds Read in vim/vim" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "vim/vim", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.2" } ] } } ] }, "vendor_name": "vim" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "vim is vulnerable to Out-of-bounds Read" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125 Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba" }, { "name": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "https://support.apple.com/kb/HT213183", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "https://support.apple.com/kb/HT213343", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-32" } ] }, "source": { "advisory": "63f51299-008a-4112-b85b-1e904aadd4ba", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0128", "datePublished": "2022-01-06T16:45:14", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-02T23:18:41.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26740
Vulnerability from cvelistv5
Published
2022-05-26 19:03
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:03:32", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26740", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26740", "datePublished": "2022-05-26T19:03:32", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22675
Vulnerability from cvelistv5
Published
2022-05-26 17:44
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213220 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213219 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:48.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213220" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213219" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "15.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T17:44:27", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213220" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213219" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iOS and iPadOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.4" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.3" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited." } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213220", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213220" }, { "name": "https://support.apple.com/en-us/HT213219", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213219" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-22675", "datePublished": "2022-05-26T17:44:27", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-03T03:21:48.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26755
Vulnerability from cvelistv5
Published
2022-05-26 19:16
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to break out of its sandbox", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:16:26", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to break out of its sandbox" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26755", "datePublished": "2022-05-26T19:16:26", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0778
Vulnerability from cvelistv5
Published
2022-03-15 17:05
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220315.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83" }, { "name": "DSA-5103", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5103" }, { "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" }, { "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" }, { "name": "FEDORA-2022-a5f51502f0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" }, { "name": "FEDORA-2022-9e88b5d8d7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" }, { "name": "FEDORA-2022-8bb51f6901", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" }, { "tags": [ "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-06" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-07" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-08" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-09" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)" } ] } ], "credits": [ { "lang": "en", "value": "Tavis Ormandy (Google)" } ], "datePublic": "2022-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Infinite loop", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:07:01.186352", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220315.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83" }, { "name": "DSA-5103", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5103" }, { "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" }, { "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" }, { "name": "FEDORA-2022-a5f51502f0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" }, { "name": "FEDORA-2022-9e88b5d8d7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" }, { "name": "FEDORA-2022-8bb51f6901", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" }, { "url": "https://www.tenable.com/security/tns-2022-06" }, { "url": "https://www.tenable.com/security/tns-2022-07" }, { "url": "https://www.tenable.com/security/tns-2022-08" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://support.apple.com/kb/HT213257" }, { "url": "https://support.apple.com/kb/HT213256" }, { "url": "https://support.apple.com/kb/HT213255" }, { "url": "https://www.tenable.com/security/tns-2022-09" }, { "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" }, { "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-0778", "datePublished": "2022-03-15T17:05:20.382533Z", "dateReserved": "2022-02-28T00:00:00", "dateUpdated": "2024-09-17T00:01:02.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26757
Vulnerability from cvelistv5
Published
2022-05-26 19:18
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC | |
http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-20T05:06:18", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" }, { "name": "http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26757", "datePublished": "2022-05-26T19:18:07", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44790
Vulnerability from cvelistv5
Published
2021-12-20 00:00
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: Apache HTTP Server 2.4 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/20/4" }, { "name": "FEDORA-2021-29a536c2ae", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "name": "DSA-5035", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5035" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-01" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-03" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.51", "status": "affected", "version": "Apache HTTP Server 2.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Chamal" }, { "lang": "en", "value": "Anonymous working with Trend Micro Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier." } ], "metrics": [ { "other": { "content": { "other": "high" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-03T00:00:00", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/20/4" }, { "name": "FEDORA-2021-29a536c2ae", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "name": "DSA-5035", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5035" }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "url": "https://www.tenable.com/security/tns-2022-01" }, { "url": "https://www.tenable.com/security/tns-2022-03" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "url": "https://support.apple.com/kb/HT213257" }, { "url": "https://support.apple.com/kb/HT213256" }, { "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-07T00:00:00", "value": "Reported to security team" }, { "lang": "en", "time": "2021-12-16T00:00:00", "value": "Fixed by r1896039 in 2.4.x" } ], "title": "Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-44790", "datePublished": "2021-12-20T00:00:00", "dateReserved": "2021-12-10T00:00:00", "dateUpdated": "2024-08-04T04:32:13.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26711
Vulnerability from cvelistv5
Published
2022-05-26 18:46
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213259 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213259" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:46:55", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213259" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.12" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" }, { "name": "https://support.apple.com/en-us/HT213259", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213259" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26711", "datePublished": "2022-05-26T18:46:55", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26710
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213258" }, { "url": "https://support.apple.com/en-us/HT213253" }, { "url": "https://support.apple.com/en-us/HT213254" }, { "url": "https://support.apple.com/en-us/HT213257" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26710", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26717
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213259" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213258" }, { "url": "https://support.apple.com/en-us/HT213253" }, { "url": "https://support.apple.com/en-us/HT213254" }, { "url": "https://support.apple.com/en-us/HT213257" }, { "url": "https://support.apple.com/en-us/HT213259" }, { "url": "https://support.apple.com/en-us/HT213260" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26717", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4173
Vulnerability from cvelistv5
Published
2021-12-27 12:25
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
vim is vulnerable to Use After Free
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "8.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "vim is vulnerable to Use After Free" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-21T05:09:07", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "source": { "advisory": "a1b236b9-89fb-4ccf-9689-ba11b471e766", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4173", "STATE": "PUBLIC", "TITLE": "Use After Free in vim/vim" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "vim/vim", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.2" } ] } } ] }, "vendor_name": "vim" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "vim is vulnerable to Use After Free" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416 Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766" }, { "name": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04" }, { "name": "FEDORA-2022-a3d70b50f0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "https://support.apple.com/kb/HT213183", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "https://support.apple.com/kb/HT213343", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-32" } ] }, "source": { "advisory": "a1b236b9-89fb-4ccf-9689-ba11b471e766", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4173", "datePublished": "2021-12-27T12:25:12", "dateReserved": "2021-12-26T00:00:00", "dateUpdated": "2024-08-03T17:16:04.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26723
Vulnerability from cvelistv5
Published
2022-05-26 18:54
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.745Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Mounting a maliciously crafted Samba network share may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:54:20", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Mounting a maliciously crafted Samba network share may lead to arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26723", "datePublished": "2022-05-26T18:54:20", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26738
Vulnerability from cvelistv5
Published
2022-05-26 19:01
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:01:56", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26738", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26738", "datePublished": "2022-05-26T19:01:56", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26753
Vulnerability from cvelistv5
Published
2022-05-26 19:14
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:14:57", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26753", "datePublished": "2022-05-26T19:14:57", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26746
Vulnerability from cvelistv5
Published
2022-05-26 19:08
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to bypass Privacy preferences", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:08:05", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to bypass Privacy preferences" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26746", "datePublished": "2022-05-26T19:08:05", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.488Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-46059
Vulnerability from cvelistv5
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2022-01-15T15:04:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "rejectedReasons": [ { "lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-46059", "datePublished": "2022-01-07T22:39:33", "dateRejected": "2022-01-15T15:04:32", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2022-01-15T15:04:32", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }
cve-2022-22663
Vulnerability from cvelistv5
Published
2022-05-26 17:41
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213182 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213183 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:48.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213182" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213183" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "15.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may bypass Gatekeeper checks", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T17:41:12", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213182" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213183" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iOS and iPadOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.4" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.3" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may bypass Gatekeeper checks" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213182", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213182" }, { "name": "https://support.apple.com/en-us/HT213183", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213183" }, { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-22663", "datePublished": "2022-05-26T17:41:12", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-03T03:21:48.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32882
Vulnerability from cvelistv5
Published
2022-09-20 20:19
Modified
2024-08-03 07:54
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:54:03.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to bypass Privacy preferences", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-20T20:19:09", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-32882", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An app may be able to bypass Privacy preferences" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-32882", "datePublished": "2022-09-20T20:19:09", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:54:03.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26772
Vulnerability from cvelistv5
Published
2022-05-26 19:27
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:27:18", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26772", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26772", "datePublished": "2022-05-26T19:27:18", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26770
Vulnerability from cvelistv5
Published
2022-05-26 19:25
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.690Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:25:26", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26770", "datePublished": "2022-05-26T19:25:26", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26775
Vulnerability from cvelistv5
Published
2022-05-26 19:29
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/kb/HT213253 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213258 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213254 | x_refsource_CONFIRM | |
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Apple | Security Update - Catalina |
Version: unspecified < 2022 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213253" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213258" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker may be able to cause unexpected application termination or arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-22T13:06:21", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213253" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213258" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An attacker may be able to cause unexpected application termination or arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/kb/HT213253", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213253" }, { "name": "https://support.apple.com/kb/HT213258", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213258" }, { "name": "https://support.apple.com/kb/HT213254", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213254" }, { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26775", "datePublished": "2022-05-26T19:29:34", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26725
Vulnerability from cvelistv5
Published
2022-05-26 18:56
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector." } ], "problemTypes": [ { "descriptions": [ { "description": "Photo location information may persist after it is removed with Preview Inspector", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:56:04", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26725", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Photo location information may persist after it is removed with Preview Inspector" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26725", "datePublished": "2022-05-26T18:56:04", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26721
Vulnerability from cvelistv5
Published
2022-05-26 18:52
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.786Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to gain root privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:52:36", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26721", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to gain root privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26721", "datePublished": "2022-05-26T18:52:36", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26731
Vulnerability from cvelistv5
Published
2022-05-26 18:59
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/kb/HT213256 | x_refsource_CONFIRM | |
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious website may be able to track users in Safari private browsing mode", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-06T22:06:14", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious website may be able to track users in Safari private browsing mode" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26731", "datePublished": "2022-05-26T18:59:10", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26751
Vulnerability from cvelistv5
Published
2022-05-26 19:12
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213259 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213259" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing a maliciously crafted image may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:12:51", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213259" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26751", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.12" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing a maliciously crafted image may lead to arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" }, { "name": "https://support.apple.com/en-us/HT213259", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213259" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26751", "datePublished": "2022-05-26T19:12:51", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4136
Vulnerability from cvelistv5
Published
2021-12-19 17:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
vim is vulnerable to Heap-based Buffer Overflow
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "8.2.3846", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "vim is vulnerable to Heap-based Buffer Overflow" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-21T07:07:32", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "source": { "advisory": "5c6b93c1-2d27-4e98-a931-147877b8c938", "discovery": "EXTERNAL" }, "title": "Heap-based Buffer Overflow in vim/vim", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4136", "STATE": "PUBLIC", "TITLE": "Heap-based Buffer Overflow in vim/vim" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "vim/vim", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.2.3846" } ] } } ] }, "vendor_name": "vim" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "vim is vulnerable to Heap-based Buffer Overflow" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938" }, { "name": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264" }, { "name": "FEDORA-2022-a3d70b50f0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "https://support.apple.com/kb/HT213183", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "https://support.apple.com/kb/HT213343", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-32" } ] }, "source": { "advisory": "5c6b93c1-2d27-4e98-a931-147877b8c938", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4136", "datePublished": "2021-12-19T17:00:10", "dateReserved": "2021-12-18T00:00:00", "dateUpdated": "2024-08-03T17:16:04.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4166
Vulnerability from cvelistv5
Published
2021-12-25 18:15
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
vim is vulnerable to Out-of-bounds Read
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "8.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "vim is vulnerable to Out-of-bounds Read" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-21T06:14:34", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-32" } ], "source": { "advisory": "229df5dd-5507-44e9-832c-c70364bdf035", "discovery": "EXTERNAL" }, "title": "Out-of-bounds Read in vim/vim", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4166", "STATE": "PUBLIC", "TITLE": "Out-of-bounds Read in vim/vim" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "vim/vim", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.2" } ] } } ] }, "vendor_name": "vim" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "vim is vulnerable to Out-of-bounds Read" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125 Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035" }, { "name": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682" }, { "name": "FEDORA-2022-a3d70b50f0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "https://support.apple.com/kb/HT213183", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "https://support.apple.com/kb/HT213343", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-32" } ] }, "source": { "advisory": "229df5dd-5507-44e9-832c-c70364bdf035", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4166", "datePublished": "2021-12-25T18:15:09", "dateReserved": "2021-12-24T00:00:00", "dateUpdated": "2024-08-03T17:16:04.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26697
Vulnerability from cvelistv5
Published
2022-05-26 18:39
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:39:10", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26697", "datePublished": "2022-05-26T18:39:10", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26706
Vulnerability from cvelistv5
Published
2022-05-26 18:44
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions." } ], "problemTypes": [ { "descriptions": [ { "description": "A sandboxed process may be able to circumvent sandbox restrictions", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:44:31", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26706", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A sandboxed process may be able to circumvent sandbox restrictions" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26706", "datePublished": "2022-05-26T18:44:31", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26752
Vulnerability from cvelistv5
Published
2022-05-26 19:14
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.829Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:14:03", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26752", "datePublished": "2022-05-26T19:14:03", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.829Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22721
Vulnerability from cvelistv5
Published
2022-03-14 10:15
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: Apache HTTP Server 2.4 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:48.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.52", "status": "affected", "version": "Apache HTTP Server 2.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Anonymous working with Trend Micro Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier." } ], "metrics": [ { "other": { "content": { "other": "low" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T01:07:45", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-20" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-16T00:00:00", "value": "Reported to security team" } ], "title": "core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-22721", "STATE": "PUBLIC", "TITLE": "core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "Apache HTTP Server 2.4", "version_value": "2.4.52" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Anonymous working with Trend Micro Zero Day Initiative" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "low" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2" }, { "name": "FEDORA-2022-b4103753e9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "name": "FEDORA-2022-21264ec6db", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220321-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://support.apple.com/kb/HT213257", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213257" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213255" }, { "name": "GLSA-202208-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-20" } ] }, "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-16T00:00:00", "value": "Reported to security team" } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-22721", "datePublished": "2022-03-14T10:15:40", "dateReserved": "2022-01-06T00:00:00", "dateUpdated": "2024-08-03T03:21:48.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26704
Vulnerability from cvelistv5
Published
2022-05-26 18:43
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC | |
https://support.apple.com/kb/HT213343 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213344 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/Jul/14 | mailing-list, x_refsource_FULLDISC | |
http://seclists.org/fulldisclosure/2022/Jul/13 | mailing-list, x_refsource_FULLDISC | |
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213343" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213344" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to gain elevated privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-29T23:09:43", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213343" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213344" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26704", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An app may be able to gain elevated privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" }, { "name": "https://support.apple.com/kb/HT213343", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213343" }, { "name": "https://support.apple.com/kb/HT213344", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213344" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/13" }, { "name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md", "refsource": "MISC", "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26704", "datePublished": "2022-05-26T18:43:32", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22589
Vulnerability from cvelistv5
Published
2022-03-18 17:59
Modified
2024-08-03 03:14
Severity ?
EPSS score ?
Summary
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/kb/HT213185 | x_refsource_CONFIRM | |
https://support.apple.com/en-us/HT213053 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213054 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213057 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213059 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213058 | x_refsource_MISC | |
https://support.apple.com/kb/HT213256 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213255 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/May/33 | mailing-list, x_refsource_FULLDISC | |
http://seclists.org/fulldisclosure/2022/May/35 | mailing-list, x_refsource_FULLDISC | |
https://security.gentoo.org/glsa/202208-39 | vendor-advisory, x_refsource_GENTOO |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213185" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213053" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213054" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213057" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213059" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213058" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "GLSA-202208-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-39" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "15.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing a maliciously crafted mail message may lead to running arbitrary javascript", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-01T02:07:03", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213185" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213053" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213054" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213057" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213059" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213058" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "GLSA-202208-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-39" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iOS and iPadOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.3" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.2" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.3" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.3" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing a maliciously crafted mail message may lead to running arbitrary javascript" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/kb/HT213185", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213185" }, { "name": "https://support.apple.com/en-us/HT213053", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213053" }, { "name": "https://support.apple.com/en-us/HT213054", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213054" }, { "name": "https://support.apple.com/en-us/HT213057", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213057" }, { "name": "https://support.apple.com/en-us/HT213059", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213059" }, { "name": "https://support.apple.com/en-us/HT213058", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213058" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "GLSA-202208-39", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-39" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-22589", "datePublished": "2022-03-18T17:59:18", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-03T03:14:55.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22677
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:48.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call." } ], "problemTypes": [ { "descriptions": [ { "description": "Video self-preview in a webRTC call may be interrupted if the user answers a phone call", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213258" }, { "url": "https://support.apple.com/en-us/HT213257" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-22677", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-03T03:21:48.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26693
Vulnerability from cvelistv5
Published
2022-05-26 18:36
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application\u0027s permissions and access user data." } ], "problemTypes": [ { "descriptions": [ { "description": "A plug-in may be able to inherit the application\u0027s permissions and access user data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:36:42", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26693", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application\u0027s permissions and access user data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A plug-in may be able to inherit the application\u0027s permissions and access user data" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26693", "datePublished": "2022-05-26T18:36:42", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26727
Vulnerability from cvelistv5
Published
2022-05-26 18:57
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Apple | Security Update - Catalina |
Version: unspecified < 2022 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.861Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to modify protected parts of the file system", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:57:39", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to modify protected parts of the file system" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26727", "datePublished": "2022-05-26T18:57:39", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26715
Vulnerability from cvelistv5
Published
2022-05-26 18:50
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to gain elevated privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:50:16", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26715", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to gain elevated privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26715", "datePublished": "2022-05-26T18:50:16", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44224
Vulnerability from cvelistv5
Published
2021-12-20 11:20
Modified
2024-08-04 04:17
Severity ?
EPSS score ?
Summary
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 2.4.7 < Apache HTTP Server 2.4* |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:17:24.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20211220 CVE-2021-44224: Apache HTTP Server: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/20/3" }, { "name": "FEDORA-2021-29a536c2ae", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "name": "DSA-5035", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5035" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-03" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "Apache HTTP Server 2.4*", "status": "affected", "version": "2.4.7", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "\u6f02\u4eae\u9f20" }, { "lang": "en", "value": "TengMA(@Te3t123)" } ], "descriptions": [ { "lang": "en", "value": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included)." } ], "metrics": [ { "other": { "content": { "other": "moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T01:08:09", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20211220 CVE-2021-44224: Apache HTTP Server: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/20/3" }, { "name": "FEDORA-2021-29a536c2ae", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "name": "DSA-5035", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5035" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2022-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2022-03" }, { "name": "FEDORA-2022-b4103753e9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "FEDORA-2022-21264ec6db", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-20" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-11-18T00:00:00", "value": "Reported to security team" }, { "lang": "en", "time": "2021-12-14T00:00:00", "value": "fixed by r1895955+r1896044 in 2.4.x" } ], "title": "Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-44224", "STATE": "PUBLIC", "TITLE": "Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_affected": "\u003e=", "version_name": "Apache HTTP Server 2.4", "version_value": "2.4.7" }, { "version_affected": "\u003c=", "version_name": "Apache HTTP Server 2.4", "version_value": "2.4.51 +1" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "\u6f02\u4eae\u9f20" }, { "lang": "eng", "value": "TengMA(@Te3t123)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476 NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "http://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "[oss-security] 20211220 CVE-2021-44224: Apache HTTP Server: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/20/3" }, { "name": "FEDORA-2021-29a536c2ae", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "name": "DSA-5035", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5035" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211224-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "name": "https://www.tenable.com/security/tns-2022-01", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2022-01" }, { "name": "https://www.tenable.com/security/tns-2022-03", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2022-03" }, { "name": "FEDORA-2022-b4103753e9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "name": "FEDORA-2022-21264ec6db", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "name": "FEDORA-2022-78e3211c55", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://support.apple.com/kb/HT213257", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213257" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "GLSA-202208-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-20" } ] }, "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-11-18T00:00:00", "value": "Reported to security team" }, { "lang": "en", "time": "2021-12-14T00:00:00", "value": "fixed by r1895955+r1896044 in 2.4.x" } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-44224", "datePublished": "2021-12-20T11:20:13", "dateReserved": "2021-11-25T00:00:00", "dateUpdated": "2024-08-04T04:17:24.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26756
Vulnerability from cvelistv5
Published
2022-05-26 19:17
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:45.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Update - Catalina", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:17:16", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Update - Catalina", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26756", "datePublished": "2022-05-26T19:17:16", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:45.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26714
Vulnerability from cvelistv5
Published
2022-05-26 18:49
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:45.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:49:17", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26714", "datePublished": "2022-05-26T18:49:17", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:45.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4192
Vulnerability from cvelistv5
Published
2021-12-31 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
vim is vulnerable to Use After Free
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-32" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "8.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "vim is vulnerable to Use After Free" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-08T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22" }, { "url": "https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952" }, { "name": "[oss-security] 20220114 Re: 3 new CVE\u0027s in vim", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html" }, { "url": "https://support.apple.com/kb/HT213183" }, { "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "url": "https://support.apple.com/kb/HT213256" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "url": "https://support.apple.com/kb/HT213343" }, { "name": "20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/14" }, { "name": "GLSA-202208-32", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-32" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" } ], "source": { "advisory": "6dd9cb2e-a940-4093-856e-59b502429f22", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4192", "datePublished": "2021-12-31T00:00:00", "dateReserved": "2021-12-30T00:00:00", "dateUpdated": "2024-08-03T17:16:04.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26718
Vulnerability from cvelistv5
Published
2022-05-26 18:51
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to gain elevated privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T18:51:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to gain elevated privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26718", "datePublished": "2022-05-26T18:51:00", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0530
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2051395 | x_refsource_MISC | |
https://github.com/ByteHackr/unzip_poc | x_refsource_MISC | |
https://support.apple.com/kb/HT213257 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213256 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213255 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/May/33 | mailing-list, x_refsource_FULLDISC | |
http://seclists.org/fulldisclosure/2022/May/35 | mailing-list, x_refsource_FULLDISC | |
http://seclists.org/fulldisclosure/2022/May/38 | mailing-list, x_refsource_FULLDISC | |
https://www.debian.org/security/2022/dsa-5202 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202310-17 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ByteHackr/unzip_poc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "DSA-5202", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5202" }, { "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "unzip", "vendor": "n/a", "versions": [ { "status": "affected", "version": "6.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "SEGV", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-22T18:06:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ByteHackr/unzip_poc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "DSA-5202", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5202" }, { "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html" }, { "url": "https://security.gentoo.org/glsa/202310-17" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0530", "datePublished": "2022-02-09T22:05:50", "dateReserved": "2022-02-08T00:00:00", "dateUpdated": "2024-08-02T23:32:46.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22665
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/kb/HT213185 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213184 | x_refsource_CONFIRM | |
https://support.apple.com/en-us/HT213183 | x_refsource_MISC | |
https://support.apple.com/kb/HT213256 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT213255 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/May/33 | mailing-list, x_refsource_FULLDISC | |
http://seclists.org/fulldisclosure/2022/May/35 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:48.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213185" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213184" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213183" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to gain root privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T05:06:55", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213185" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213184" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213183" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.3" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to gain root privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/kb/HT213185", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213185" }, { "name": "https://support.apple.com/kb/HT213184", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213184" }, { "name": "https://support.apple.com/en-us/HT213183", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213183" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213255" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-22665", "datePublished": "2022-03-18T18:00:13", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-03T03:21:48.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26700
Vulnerability from cvelistv5
Published
2022-09-23 18:58
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213260 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-23T18:58:31", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213260" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing maliciously crafted web content may lead to code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" }, { "name": "https://support.apple.com/en-us/HT213260", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213260" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26700", "datePublished": "2022-09-23T18:58:31", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26736
Vulnerability from cvelistv5
Published
2022-05-26 19:00
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:00:08", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26736", "datePublished": "2022-05-26T19:00:08", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26745
Vulnerability from cvelistv5
Published
2022-05-26 19:07
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213256 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may disclose restricted memory", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:07:19", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26745", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may disclose restricted memory" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26745", "datePublished": "2022-05-26T19:07:19", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23308
Vulnerability from cvelistv5
Published
2022-02-26 00:00
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:36:20.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2022-050c712ed7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/" }, { "name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-6 tvOS 15.5", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/37" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "20220516 APPLE-SA-2022-05-16-5 watchOS 8.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/36" }, { "name": "20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/34" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS" }, { "tags": [ "x_transferred" ], "url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220331-0008/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213253" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213258" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213254" }, { "name": "GLSA-202210-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2022-050c712ed7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/" }, { "name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-6 tvOS 15.5", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/37" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "20220516 APPLE-SA-2022-05-16-5 watchOS 8.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/36" }, { "name": "20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/34" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://support.apple.com/kb/HT213257" }, { "url": "https://support.apple.com/kb/HT213256" }, { "url": "https://support.apple.com/kb/HT213255" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS" }, { "url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e" }, { "url": "https://security.netapp.com/advisory/ntap-20220331-0008/" }, { "url": "https://support.apple.com/kb/HT213253" }, { "url": "https://support.apple.com/kb/HT213258" }, { "url": "https://support.apple.com/kb/HT213254" }, { "name": "GLSA-202210-03", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-03" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23308", "datePublished": "2022-02-26T00:00:00", "dateReserved": "2022-01-17T00:00:00", "dateUpdated": "2024-08-03T03:36:20.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26739
Vulnerability from cvelistv5
Published
2022-05-26 19:02
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with kernel privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:02:50", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26739", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with kernel privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26739", "datePublished": "2022-05-26T19:02:50", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26766
Vulnerability from cvelistv5
Published
2022-05-26 19:22
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious app may be able to bypass signature validation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:22:04", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious app may be able to bypass signature validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26766", "datePublished": "2022-05-26T19:22:04", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26763
Vulnerability from cvelistv5
Published
2022-05-26 19:19
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213255 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213256 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213258 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213253 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213254 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213257 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "15.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to execute arbitrary code with system privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:19:37", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213255" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213256" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213258" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213253" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to execute arbitrary code with system privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213255", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213255" }, { "name": "https://support.apple.com/en-us/HT213256", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213256" }, { "name": "https://support.apple.com/en-us/HT213258", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213258" }, { "name": "https://support.apple.com/en-us/HT213253", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213253" }, { "name": "https://support.apple.com/en-us/HT213254", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213254" }, { "name": "https://support.apple.com/en-us/HT213257", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213257" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26763", "datePublished": "2022-05-26T19:19:37", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.