Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-26744 (GCVE-0-2022-26744)
Vulnerability from cvelistv5
Published
2022-05-26 00:00
Modified
2024-08-03 05:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An application may be able to execute arbitrary code with kernel privileges
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
References
| URL | Tags | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 15.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:44.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213258"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213446"
},
{
"name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to execute arbitrary code with kernel privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-30T00:00:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213258"
},
{
"url": "https://support.apple.com/kb/HT213446"
},
{
"name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/39"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-26744",
"datePublished": "2022-05-26T00:00:00",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-03T05:11:44.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-26744\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2022-05-26T20:15:08.807\",\"lastModified\":\"2024-11-21T06:54:25.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una administraci\u00f3n de estados mejorada. Este problema es corregido en iOS versi\u00f3n 15.5 y iPadOS versi\u00f3n 15.5. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.5\",\"matchCriteriaId\":\"5B3F8579-F907-4E15-A4D6-1459A6687594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.5\",\"matchCriteriaId\":\"29151647-DA19-4B1B-B1CD-2E05A712F941\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/39\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213258\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213446\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213446\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-467
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP3 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Realtime Extension 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Realtime Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26701"
},
{
"name": "CVE-2022-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26722"
},
{
"name": "CVE-2022-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26769"
},
{
"name": "CVE-2022-26761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26761"
},
{
"name": "CVE-2021-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
},
{
"name": "CVE-2022-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26751"
},
{
"name": "CVE-2022-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
},
{
"name": "CVE-2022-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26693"
},
{
"name": "CVE-2022-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26700"
},
{
"name": "CVE-2022-26753",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26753"
},
{
"name": "CVE-2022-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26763"
},
{
"name": "CVE-2022-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26776"
},
{
"name": "CVE-2022-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26772"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2022-26756",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26756"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2022-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26766"
},
{
"name": "CVE-2022-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26744"
},
{
"name": "CVE-2022-26770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26770"
},
{
"name": "CVE-2022-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26739"
},
{
"name": "CVE-2022-22589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22589"
},
{
"name": "CVE-2022-26723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26723"
},
{
"name": "CVE-2022-22674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"
},
{
"name": "CVE-2022-26760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26760"
},
{
"name": "CVE-2022-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26754"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26740"
},
{
"name": "CVE-2022-26762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26762"
},
{
"name": "CVE-2022-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26717"
},
{
"name": "CVE-2022-26708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26708"
},
{
"name": "CVE-2022-24765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
},
{
"name": "CVE-2022-26711",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26711"
},
{
"name": "CVE-2022-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26764"
},
{
"name": "CVE-2022-26765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26765"
},
{
"name": "CVE-2022-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26775"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
},
{
"name": "CVE-2022-26742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26742"
},
{
"name": "CVE-2022-22665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2022-22677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22677"
},
{
"name": "CVE-2022-22673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22673"
},
{
"name": "CVE-2022-26768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2022-26738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26738"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-26719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26719"
},
{
"name": "CVE-2022-22675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"
},
{
"name": "CVE-2022-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26720"
},
{
"name": "CVE-2022-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26698"
},
{
"name": "CVE-2022-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26748"
},
{
"name": "CVE-2022-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26749"
},
{
"name": "CVE-2022-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26714"
},
{
"name": "CVE-2022-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26747"
},
{
"name": "CVE-2022-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26726"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
},
{
"name": "CVE-2022-26755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26755"
},
{
"name": "CVE-2022-26725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26725"
},
{
"name": "CVE-2021-45444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45444"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-22663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22663"
},
{
"name": "CVE-2022-26721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26721"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-26741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26741"
},
{
"name": "CVE-2022-26728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26728"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2022-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26743"
},
{
"name": "CVE-2022-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26727"
},
{
"name": "CVE-2022-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26737"
},
{
"name": "CVE-2022-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26736"
},
{
"name": "CVE-2022-26715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26715"
},
{
"name": "CVE-2022-26731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26731"
},
{
"name": "CVE-2022-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26767"
},
{
"name": "CVE-2022-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26771"
},
{
"name": "CVE-2015-4142",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4142"
},
{
"name": "CVE-2022-26724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26724"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2022-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26752"
},
{
"name": "CVE-2022-26706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26706"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2022-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26750"
},
{
"name": "CVE-2021-46059",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
},
{
"name": "CVE-2022-26745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26745"
},
{
"name": "CVE-2022-26746",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26746"
},
{
"name": "CVE-2022-26716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26716"
},
{
"name": "CVE-2022-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26712"
},
{
"name": "CVE-2022-26710",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26710"
},
{
"name": "CVE-2022-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26718"
},
{
"name": "CVE-2022-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26694"
},
{
"name": "CVE-2022-26703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26703"
},
{
"name": "CVE-2022-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26697"
},
{
"name": "CVE-2022-26709",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26709"
},
{
"name": "CVE-2022-26757",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26757"
}
],
"initial_release_date": "2022-05-17T00:00:00",
"last_revision_date": "2022-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-467",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221686-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221686-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221669-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221669-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221668-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221668-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221687-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221687-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221676-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221676-1/"
}
]
}
CERTFR-2022-AVI-466
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple iOS versions antérieures à 15.5 | ||
| Apple | macOS | Apple macOS Monterey versions antérieures à 12.4 | ||
| Apple | N/A | Apple tvOS versions antérieures à 15.5 | ||
| Apple | Safari | Apple Safari versions antérieures à 15.5 | ||
| Apple | N/A | Apple watchOS versions antérieures à 8.6 | ||
| Apple | N/A | Apple Xcode versions antérieures à 13.4 | ||
| Apple | macOS | Apple macOS Catalina versions antérieures à 2022-004 | ||
| Apple | N/A | Apple iPadOS versions antérieures à 15.5 | ||
| Apple | macOS | Apple macOS Big Sur versions antérieures à 11.6.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Monterey versions ant\u00e9rieures \u00e0 12.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple watchOS versions ant\u00e9rieures \u00e0 8.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Xcode versions ant\u00e9rieures \u00e0 13.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Catalina versions ant\u00e9rieures \u00e0 2022-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iPadOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26701"
},
{
"name": "CVE-2022-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26722"
},
{
"name": "CVE-2022-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26769"
},
{
"name": "CVE-2022-26761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26761"
},
{
"name": "CVE-2021-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
},
{
"name": "CVE-2022-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26751"
},
{
"name": "CVE-2022-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
},
{
"name": "CVE-2022-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26693"
},
{
"name": "CVE-2022-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26700"
},
{
"name": "CVE-2022-26753",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26753"
},
{
"name": "CVE-2022-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26763"
},
{
"name": "CVE-2022-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26776"
},
{
"name": "CVE-2022-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26772"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2022-26756",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26756"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2022-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26766"
},
{
"name": "CVE-2022-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26744"
},
{
"name": "CVE-2022-26770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26770"
},
{
"name": "CVE-2022-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26739"
},
{
"name": "CVE-2022-22589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22589"
},
{
"name": "CVE-2022-26723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26723"
},
{
"name": "CVE-2022-22674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"
},
{
"name": "CVE-2022-26760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26760"
},
{
"name": "CVE-2022-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26754"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26740"
},
{
"name": "CVE-2022-26762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26762"
},
{
"name": "CVE-2022-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26717"
},
{
"name": "CVE-2022-26708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26708"
},
{
"name": "CVE-2022-24765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
},
{
"name": "CVE-2022-26711",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26711"
},
{
"name": "CVE-2022-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26764"
},
{
"name": "CVE-2022-26765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26765"
},
{
"name": "CVE-2022-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26775"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
},
{
"name": "CVE-2022-26742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26742"
},
{
"name": "CVE-2022-22665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2022-22677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22677"
},
{
"name": "CVE-2022-22673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22673"
},
{
"name": "CVE-2022-26768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2022-26738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26738"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-26719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26719"
},
{
"name": "CVE-2022-22675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"
},
{
"name": "CVE-2022-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26720"
},
{
"name": "CVE-2022-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26698"
},
{
"name": "CVE-2022-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26748"
},
{
"name": "CVE-2022-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26749"
},
{
"name": "CVE-2022-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26714"
},
{
"name": "CVE-2022-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26747"
},
{
"name": "CVE-2022-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26726"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
},
{
"name": "CVE-2022-26755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26755"
},
{
"name": "CVE-2022-26725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26725"
},
{
"name": "CVE-2021-45444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45444"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-22663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22663"
},
{
"name": "CVE-2022-26721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26721"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-26741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26741"
},
{
"name": "CVE-2022-26728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26728"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2022-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26743"
},
{
"name": "CVE-2022-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26727"
},
{
"name": "CVE-2022-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26737"
},
{
"name": "CVE-2022-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26736"
},
{
"name": "CVE-2022-26715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26715"
},
{
"name": "CVE-2022-26731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26731"
},
{
"name": "CVE-2022-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26767"
},
{
"name": "CVE-2022-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26771"
},
{
"name": "CVE-2015-4142",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4142"
},
{
"name": "CVE-2022-26724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26724"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2022-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26752"
},
{
"name": "CVE-2022-26706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26706"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2022-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26750"
},
{
"name": "CVE-2021-46059",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
},
{
"name": "CVE-2022-26745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26745"
},
{
"name": "CVE-2022-26746",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26746"
},
{
"name": "CVE-2022-26716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26716"
},
{
"name": "CVE-2022-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26712"
},
{
"name": "CVE-2022-26710",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26710"
},
{
"name": "CVE-2022-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26718"
},
{
"name": "CVE-2022-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26694"
},
{
"name": "CVE-2022-26703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26703"
},
{
"name": "CVE-2022-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26697"
},
{
"name": "CVE-2022-26709",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26709"
},
{
"name": "CVE-2022-26757",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26757"
}
],
"initial_release_date": "2022-05-17T00:00:00",
"last_revision_date": "2022-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-466",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213257 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213255 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213255"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213261 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213261"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213256 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213256"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213253 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213253"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213254 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213254"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213258 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213260 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213260"
}
]
}
fkie_cve-2022-26744
Vulnerability from fkie_nvd
Published
2022-05-26 20:15
Modified
2024-11-21 06:54
Severity ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://seclists.org/fulldisclosure/2022/Oct/39 | Mailing List, Third Party Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT213258 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/kb/HT213446 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Oct/39 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213258 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213446 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3F8579-F907-4E15-A4D6-1459A6687594",
"versionEndExcluding": "15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29151647-DA19-4B1B-B1CD-2E05A712F941",
"versionEndExcluding": "15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una administraci\u00f3n de estados mejorada. Este problema es corregido en iOS versi\u00f3n 15.5 y iPadOS versi\u00f3n 15.5. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel"
}
],
"id": "CVE-2022-26744",
"lastModified": "2024-11-21T06:54:25.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-26T20:15:08.807",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/39"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213258"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213446"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202205-1311
Vulnerability from variot
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. iOS and iPadOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.5 and iPadOS 15.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16
iOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213446.
Accelerate Framework Available for: iPhone 8 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, and an anonymous researcher Entry added October 27, 2022
AppleAVD Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__) Entry added October 27, 2022
Apple Neural Engine Available for: iPhone 8 and later Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36) Entry added October 27, 2022
Apple Neural Engine Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36) CVE-2022-32889: Mohamed Ghannam (@_simo36) Entry added October 27, 2022
Apple TV Available for: iPhone 8 and later Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved handling of caches. CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Contacts Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
Crash Reporter Available for: iPhone 8 and later Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike Entry added October 27, 2022
DriverKit Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Exchange Available for: iPhone 8 and later Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher Entry added October 27, 2022
GPU Drivers Available for: iPhone 8 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26744: an anonymous researcher Entry added October 27, 2022
GPU Drivers Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32903: an anonymous researcher Entry added October 27, 2022
ImageIO Available for: iPhone 8 and later Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: iPhone 8 and later Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
IOGPUFamily Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32887: an anonymous researcher Entry added October 27, 2022
Kernel Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab Entry updated October 27, 2022
Kernel Available for: iPhone 8 and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32917: an anonymous researcher
Maps Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas, breakpointhq.com
MediaLibrary Available for: iPhone 8 and later Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Notifications Available for: iPhone 8 and later Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer Entry added October 27, 2022
Photos Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd Entry added October 27, 2022
Safari Available for: iPhone 8 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: This issue was addressed with improved checks. CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati
Safari Extensions Available for: iPhone 8 and later Impact: A website may be able to track users through Safari web extensions Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 242278 CVE-2022-32868: Michael
Sandbox Available for: iPhone 8 and later Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: iPhone 8 and later Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Shortcuts Available for: iPhone 8 and later Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2022-32872: Elite Tech Guru
Sidecar Available for: iPhone 8 and later Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
Siri Available for: iPhone 8 and later Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/) Entry added October 27, 2022
SQLite Available for: iPhone 8 and later Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690 Entry added October 27, 2022
Time Zone Available for: iPhone 8 and later Impact: Deleted contacts may still appear in spotlight search results Description: A logic issue was addressed with improved state management. CVE-2022-32859 Entry added October 27, 2022
Watch app Available for: iPhone 8 and later Impact: An app may be able to read a persistent device identifier Description: This issue was addressed with improved entitlements. CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes) Entry added October 27, 2022
Weather Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
WebKit Available for: iPhone 8 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243236 CVE-2022-32891: @real_as3617, and an anonymous researcher Entry added October 27, 2022
WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer, afang5472, xmzyshypnc
WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: iPhone 8 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab Entry added October 27, 2022
Wi-Fi Available for: iPhone 8 and later Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32925: Wang Yu of Cyberserval Entry added October 27, 2022
Additional recognition
AirDrop We would like to acknowledge Alexander Heinrich, Milan Stute, and Christian Weinert of Technical University of Darmstadt for their assistance. Entry added October 27, 2022
AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance. Entry added October 27, 2022
Calendar UI We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance. Entry added October 27, 2022
FaceTime We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
Find My We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
Game Center We would like to acknowledge Joshua Jones for their assistance.
iCloud We would like to acknowledge Bülent Aytulun, and an anonymous researcher for their assistance. Entry added October 27, 2022
Identity Services We would like to acknowledge Joshua Jones for their assistance.
Kernel We would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, and an anonymous researcher for their assistance. Entry added October 27, 2022
Mail We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
Notes We would like to acknowledge Edward Riley of Iron Cloud Limited (ironclouduk.com) for their assistance. Entry added October 27, 2022
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance. Entry added October 27, 2022
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added October 27, 2022
Shortcuts We would like to acknowledge Shay Dror for their assistance. Entry added October 27, 2022
SOS We would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber Security Lab for their assistance. Entry added October 27, 2022
UIKit We would like to acknowledge Aleczander Ewing, Simon de Vegt, and an anonymous researcher for their assistance. Entry added October 27, 2022
WebKit We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
WebRTC We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke NxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC C5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7 K+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM ZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK Etd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU Ur+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp rpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K tORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU rFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ Og/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR nYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac= =I+iq -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"db": "NVD",
"id": "CVE-2022-26744"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "167185"
},
{
"db": "PACKETSTORM",
"id": "169559"
}
],
"trust": 0.2
},
"cve": "CVE-2022-26744",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-26744",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-417413",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-26744",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26744",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26744",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-26744",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3452",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-417413",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417413"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3452"
},
{
"db": "NVD",
"id": "CVE-2022-26744"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. iOS and iPadOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.5 and iPadOS 15.5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16\n\niOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213446. \n\nAccelerate Framework\nAvailable for: iPhone 8 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, and an anonymous researcher\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio\nZekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research\ns.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\nCVE-2022-32889: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple TV\nAvailable for: iPhone 8 and later\nImpact: An app may be able to access user-sensitive data\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nContacts\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nCrash Reporter\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\nEntry added October 27, 2022\n\nDriverKit\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nExchange\nAvailable for: iPhone 8 and later\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26744: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32903: an anonymous researcher\nEntry added October 27, 2022\n\nImageIO\nAvailable for: iPhone 8 and later\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\nIOGPUFamily\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32887: an anonymous researcher\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nEntry updated October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32917: an anonymous researcher \n\nMaps\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas, breakpointhq.com\n\nMediaLibrary\nAvailable for: iPhone 8 and later\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nNotifications\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\nEntry added October 27, 2022\n\nPhotos\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\nEntry added October 27, 2022\n\nSafari\nAvailable for: iPhone 8 and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: This issue was addressed with improved checks. \nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)\n@imnarendrabhati\n\nSafari Extensions\nAvailable for: iPhone 8 and later\nImpact: A website may be able to track users through Safari web\nextensions\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 242278\nCVE-2022-32868: Michael\n\nSandbox\nAvailable for: iPhone 8 and later\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nShortcuts\nAvailable for: iPhone 8 and later\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32872: Elite Tech Guru\n\nSidecar\nAvailable for: iPhone 8 and later\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSiri\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/andrew-goldberg-/)\nEntry added October 27, 2022\n\nSQLite\nAvailable for: iPhone 8 and later\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\nEntry added October 27, 2022\n\nTime Zone\nAvailable for: iPhone 8 and later\nImpact: Deleted contacts may still appear in spotlight search results\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32859\nEntry added October 27, 2022\n\nWatch app\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read a persistent device identifier\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)\nEntry added October 27, 2022\n\nWeather\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243236\nCVE-2022-32891: @real_as3617, and an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer, afang5472, xmzyshypnc\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\nEntry added October 27, 2022\n\nWi-Fi\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32925: Wang Yu of Cyberserval\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Alexander Heinrich, Milan Stute, and\nChristian Weinert of Technical University of Darmstadt for their\nassistance. \nEntry added October 27, 2022\n\nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \nEntry added October 27, 2022\n\nCalendar UI\nWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of\nLakshmi Narain College Of Technology Bhopal for their assistance. \nEntry added October 27, 2022\n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nGame Center\nWe would like to acknowledge Joshua Jones for their assistance. \n\niCloud\nWe would like to acknowledge B\u00fclent Aytulun, and an anonymous\nresearcher for their assistance. \nEntry added October 27, 2022\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nKernel\nWe would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting\nYin of Tsinghua University, and Min Zheng of Ant Group, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nNotes\nWe would like to acknowledge Edward Riley of Iron Cloud Limited\n(ironclouduk.com) for their assistance. \nEntry added October 27, 2022\n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \nEntry added October 27, 2022\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added October 27, 2022\n\nShortcuts\nWe would like to acknowledge Shay Dror for their assistance. \nEntry added October 27, 2022\n\nSOS\nWe would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber\nSecurity Lab for their assistance. \nEntry added October 27, 2022\n\nUIKit\nWe would like to acknowledge Aleczander Ewing, Simon de Vegt, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 16\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke\nNxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC\nC5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7\nK+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM\nZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK\nEtd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU\nUr+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp\nrpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K\ntORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU\nrFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ\nOg/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR\nnYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac=\n=I+iq\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26744"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"db": "VULHUB",
"id": "VHN-417413"
},
{
"db": "VULMON",
"id": "CVE-2022-26744"
},
{
"db": "PACKETSTORM",
"id": "167185"
},
{
"db": "PACKETSTORM",
"id": "169559"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26744",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "169559",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167185",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011263",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022051705",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2407",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3452",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-417413",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26744",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417413"
},
{
"db": "VULMON",
"id": "CVE-2022-26744"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"db": "PACKETSTORM",
"id": "167185"
},
{
"db": "PACKETSTORM",
"id": "169559"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3452"
},
{
"db": "NVD",
"id": "CVE-2022-26744"
}
]
},
"id": "VAR-202205-1311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-417413"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:31:52.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213258 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT213258"
},
{
"title": "Apple iOS and Apple iPadOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=192987"
},
{
"title": "Apple: iOS 15.5 and iPadOS 15.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f66f27c9aed3f1df2b9271d627617604"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-26744"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3452"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417413"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"db": "NVD",
"id": "CVE-2022-26744"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213258"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213446"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/39"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26744"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051705"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38380"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2407"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26744/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167185/apple-security-advisory-2022-05-16-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169559/apple-security-advisory-2022-10-27-3.html"
},
{
"trust": 0.2,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht213258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26702"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213258."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213446."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32795"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417413"
},
{
"db": "VULMON",
"id": "CVE-2022-26744"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"db": "PACKETSTORM",
"id": "167185"
},
{
"db": "PACKETSTORM",
"id": "169559"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3452"
},
{
"db": "NVD",
"id": "CVE-2022-26744"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-417413"
},
{
"db": "VULMON",
"id": "CVE-2022-26744"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"db": "PACKETSTORM",
"id": "167185"
},
{
"db": "PACKETSTORM",
"id": "169559"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3452"
},
{
"db": "NVD",
"id": "CVE-2022-26744"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-417413"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"date": "2022-05-17T16:57:57",
"db": "PACKETSTORM",
"id": "167185"
},
{
"date": "2022-10-31T14:22:02",
"db": "PACKETSTORM",
"id": "169559"
},
{
"date": "2022-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3452"
},
{
"date": "2022-05-26T20:15:08.807000",
"db": "NVD",
"id": "CVE-2022-26744"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-417413"
},
{
"date": "2023-08-21T07:30:00",
"db": "JVNDB",
"id": "JVNDB-2022-011263"
},
{
"date": "2022-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3452"
},
{
"date": "2024-11-21T06:54:25.190000",
"db": "NVD",
"id": "CVE-2022-26744"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3452"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iOS\u00a0 and \u00a0iPadOS\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011263"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3452"
}
],
"trust": 0.6
}
}
gsd-2022-26744
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-26744",
"description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.",
"id": "GSD-2022-26744"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-26744"
],
"details": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.",
"id": "GSD-2022-26744",
"modified": "2023-12-13T01:19:39.431980Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2022-26744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "15.5"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT213258",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213258"
},
{
"name": "https://support.apple.com/kb/HT213446",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213446"
},
{
"name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Oct/39"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2022-26744"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT213258",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213258"
},
{
"name": "https://support.apple.com/kb/HT213446",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT213446"
},
{
"name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/39"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-11-16T17:14Z",
"publishedDate": "2022-05-26T20:15Z"
}
}
}
ghsa-mp56-h348-x622
Vulnerability from github
Published
2022-05-27 00:00
Modified
2022-06-08 00:00
Severity ?
VLAI Severity ?
Details
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2022-26744"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-26T20:15:00Z",
"severity": "HIGH"
},
"details": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-mp56-h348-x622",
"modified": "2022-06-08T00:00:34Z",
"published": "2022-05-27T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26744"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213258"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213446"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/39"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…