cvelistv5 - cve-2022-26771

CVE-2022-26771 (GCVE-0-2022-26771)

Vulnerability from cvelistv5

Published

2022-05-26 19:26

Modified

2025-05-30 17:04

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

A malicious application may be able to execute arbitrary code with kernel privileges

Summary

References

URL

Tags

product-security@apple.com	https://support.apple.com/en-us/HT213253	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213254	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213258	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213253	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213254	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213258	Vendor Advisory

Impacted products

Vendor

Product

Version

Apple

watchOS

Version: unspecified < 8.6

	Apple	watchOS	Version: unspecified < 15.5
	Apple	watchOS	Version: unspecified < 15.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:44.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213258"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213253"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213254"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26771",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-30T17:04:35.370189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T17:04:41.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "8.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A malicious application may be able to execute arbitrary code with kernel privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-26T19:26:34.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT213258"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT213253"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT213254"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2022-26771",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A malicious application may be able to execute arbitrary code with kernel privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213258",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT213258"
            },
            {
              "name": "https://support.apple.com/en-us/HT213253",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT213253"
            },
            {
              "name": "https://support.apple.com/en-us/HT213254",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT213254"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2022-26771",
    "datePublished": "2022-05-26T19:26:34.000Z",
    "dateReserved": "2022-03-08T00:00:00.000Z",
    "dateUpdated": "2025-05-30T17:04:41.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-26771\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2022-05-26T20:15:09.930\",\"lastModified\":\"2025-05-30T17:15:22.247\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una administraci\u00f3n de estados mejorada. Este problema es corregido en watchOS versi\u00f3n 8.6, tvOS versi\u00f3n 15.5, iOS versi\u00f3n 15.5 y iPadOS versi\u00f3n 15.5. Una aplicaci\u00f3n maliciosa puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.5\",\"matchCriteriaId\":\"5B3F8579-F907-4E15-A4D6-1459A6687594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.5\",\"matchCriteriaId\":\"29151647-DA19-4B1B-B1CD-2E05A712F941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.5\",\"matchCriteriaId\":\"4C98BE9E-8463-4CB9-8E42-A68DC0B20BD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.6\",\"matchCriteriaId\":\"E8BAAD78-60FC-4EC3-B727-55F0C0969D6A\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213253\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213254\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213258\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213253\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213258\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213253\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213254\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T05:11:44.487Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-26771\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-30T17:04:35.370189Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-30T17:04:07.233Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.5\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213258\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.apple.com/en-us/HT213253\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.apple.com/en-us/HT213254\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"A malicious application may be able to execute arbitrary code with kernel privileges\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2022-05-26T19:26:34.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"8.6\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"watchOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"15.5\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"watchOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"15.5\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"watchOS\"}]}, \"vendor_name\": \"Apple\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://support.apple.com/en-us/HT213258\", \"name\": \"https://support.apple.com/en-us/HT213258\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.apple.com/en-us/HT213253\", \"name\": \"https://support.apple.com/en-us/HT213253\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.apple.com/en-us/HT213254\", \"name\": \"https://support.apple.com/en-us/HT213254\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"A malicious application may be able to execute arbitrary code with kernel privileges\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-26771\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"product-security@apple.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-26771\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-30T17:04:41.642Z\", \"dateReserved\": \"2022-03-08T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2022-05-26T19:26:34.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2022-26771

Vulnerability from fkie_nvd

Published

2022-05-26 20:15

Modified

2025-05-30 17:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213253	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213254	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213258	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213253	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213254	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213258	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3F8579-F907-4E15-A4D6-1459A6687594",
              "versionEndExcluding": "15.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29151647-DA19-4B1B-B1CD-2E05A712F941",
              "versionEndExcluding": "15.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C98BE9E-8463-4CB9-8E42-A68DC0B20BD8",
              "versionEndExcluding": "15.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BAAD78-60FC-4EC3-B727-55F0C0969D6A",
              "versionEndExcluding": "8.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una administraci\u00f3n de estados mejorada. Este problema es corregido en watchOS versi\u00f3n 8.6, tvOS versi\u00f3n 15.5, iOS versi\u00f3n 15.5 y iPadOS versi\u00f3n 15.5. Una aplicaci\u00f3n maliciosa puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel"
    }
  ],
  "id": "CVE-2022-26771",
  "lastModified": "2025-05-30T17:15:22.247",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-05-26T20:15:09.930",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213253"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213254"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213258"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 15.5
Apple	macOS	Apple macOS Monterey versions antérieures à 12.4
Apple	N/A	Apple tvOS versions antérieures à 15.5
Apple	Safari	Apple Safari versions antérieures à 15.5
Apple	N/A	Apple watchOS versions antérieures à 8.6
Apple	N/A	Apple Xcode versions antérieures à 13.4
Apple	macOS	Apple macOS Catalina versions antérieures à 2022-004
Apple	N/A	Apple iPadOS versions antérieures à 15.5
Apple	macOS	Apple macOS Big Sur versions antérieures à 11.6.6

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213257 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213255 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213261 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213256 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213253 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213254 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213258 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213260 du 16 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 15.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Monterey versions ant\u00e9rieures \u00e0 12.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 15.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 15.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 8.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Xcode versions ant\u00e9rieures \u00e0 13.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Catalina versions ant\u00e9rieures \u00e0 2022-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iPadOS versions ant\u00e9rieures \u00e0 15.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-26701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26701"
    },
    {
      "name": "CVE-2022-26722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26722"
    },
    {
      "name": "CVE-2022-26769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26769"
    },
    {
      "name": "CVE-2022-26761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26761"
    },
    {
      "name": "CVE-2021-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
    },
    {
      "name": "CVE-2022-26751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26751"
    },
    {
      "name": "CVE-2022-26702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
    },
    {
      "name": "CVE-2022-26693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26693"
    },
    {
      "name": "CVE-2022-26700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26700"
    },
    {
      "name": "CVE-2022-26753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26753"
    },
    {
      "name": "CVE-2022-26763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26763"
    },
    {
      "name": "CVE-2022-26776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26776"
    },
    {
      "name": "CVE-2022-26772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26772"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2022-26756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26756"
    },
    {
      "name": "CVE-2022-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
    },
    {
      "name": "CVE-2022-26766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26766"
    },
    {
      "name": "CVE-2022-26744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26744"
    },
    {
      "name": "CVE-2022-26770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26770"
    },
    {
      "name": "CVE-2022-26739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26739"
    },
    {
      "name": "CVE-2022-22589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22589"
    },
    {
      "name": "CVE-2022-26723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26723"
    },
    {
      "name": "CVE-2022-22674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"
    },
    {
      "name": "CVE-2022-26760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26760"
    },
    {
      "name": "CVE-2022-26754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26754"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-26740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26740"
    },
    {
      "name": "CVE-2022-26762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26762"
    },
    {
      "name": "CVE-2022-26717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26717"
    },
    {
      "name": "CVE-2022-26708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26708"
    },
    {
      "name": "CVE-2022-24765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
    },
    {
      "name": "CVE-2022-26711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26711"
    },
    {
      "name": "CVE-2022-26764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26764"
    },
    {
      "name": "CVE-2022-26765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26765"
    },
    {
      "name": "CVE-2022-26775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26775"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2022-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
    },
    {
      "name": "CVE-2022-26742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26742"
    },
    {
      "name": "CVE-2022-22665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
    },
    {
      "name": "CVE-2022-0530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
    },
    {
      "name": "CVE-2022-22677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22677"
    },
    {
      "name": "CVE-2022-22673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22673"
    },
    {
      "name": "CVE-2022-26768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2022-26738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26738"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2022-26719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26719"
    },
    {
      "name": "CVE-2022-22675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"
    },
    {
      "name": "CVE-2022-26720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26720"
    },
    {
      "name": "CVE-2022-26698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26698"
    },
    {
      "name": "CVE-2022-26748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26748"
    },
    {
      "name": "CVE-2022-26749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26749"
    },
    {
      "name": "CVE-2022-26714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26714"
    },
    {
      "name": "CVE-2022-26747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26747"
    },
    {
      "name": "CVE-2022-26726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26726"
    },
    {
      "name": "CVE-2022-22719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
    },
    {
      "name": "CVE-2022-26704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
    },
    {
      "name": "CVE-2022-26755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26755"
    },
    {
      "name": "CVE-2022-26725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26725"
    },
    {
      "name": "CVE-2021-45444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45444"
    },
    {
      "name": "CVE-2022-23308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
    },
    {
      "name": "CVE-2022-22663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22663"
    },
    {
      "name": "CVE-2022-26721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26721"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-26741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26741"
    },
    {
      "name": "CVE-2022-26728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26728"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2021-44224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
    },
    {
      "name": "CVE-2022-26743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26743"
    },
    {
      "name": "CVE-2022-26727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26727"
    },
    {
      "name": "CVE-2022-26737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26737"
    },
    {
      "name": "CVE-2022-26736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26736"
    },
    {
      "name": "CVE-2022-26715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26715"
    },
    {
      "name": "CVE-2022-26731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26731"
    },
    {
      "name": "CVE-2022-26767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26767"
    },
    {
      "name": "CVE-2022-26771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26771"
    },
    {
      "name": "CVE-2015-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4142"
    },
    {
      "name": "CVE-2022-26724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26724"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2022-26752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26752"
    },
    {
      "name": "CVE-2022-26706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26706"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2022-26750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26750"
    },
    {
      "name": "CVE-2021-46059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
    },
    {
      "name": "CVE-2022-26745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26745"
    },
    {
      "name": "CVE-2022-26746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26746"
    },
    {
      "name": "CVE-2022-26716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26716"
    },
    {
      "name": "CVE-2022-26712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26712"
    },
    {
      "name": "CVE-2022-26710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26710"
    },
    {
      "name": "CVE-2022-26718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26718"
    },
    {
      "name": "CVE-2022-26694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26694"
    },
    {
      "name": "CVE-2022-26703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26703"
    },
    {
      "name": "CVE-2022-26697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26697"
    },
    {
      "name": "CVE-2022-26709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26709"
    },
    {
      "name": "CVE-2022-26757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26757"
    }
  ],
  "initial_release_date": "2022-05-17T00:00:00",
  "last_revision_date": "2022-05-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-466",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213257 du 16 mai 2022",
      "url": "https://support.apple.com/fr-fr/HT213257"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213255 du 16 mai 2022",
      "url": "https://support.apple.com/fr-fr/HT213255"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213261 du 16 mai 2022",
      "url": "https://support.apple.com/fr-fr/HT213261"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213256 du 16 mai 2022",
      "url": "https://support.apple.com/fr-fr/HT213256"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213253 du 16 mai 2022",
      "url": "https://support.apple.com/fr-fr/HT213253"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213254 du 16 mai 2022",
      "url": "https://support.apple.com/fr-fr/HT213254"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213258 du 16 mai 2022",
      "url": "https://support.apple.com/fr-fr/HT213258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213260 du 16 mai 2022",
      "url": "https://support.apple.com/fr-fr/HT213260"
    }
  ]
}

CERTFR-2022-AVI-467

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise High Availability 15-SP3
SUSE	N/A	SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications
SUSE	N/A	SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE	N/A	SUSE Linux Enterprise High Availability 12-SP5
SUSE	SUSE Manager Retail Branch Server	SUSE Manager Retail Branch Server 4.2
SUSE	N/A	SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE	SUSE Manager Proxy	SUSE Manager Proxy 4.2
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP5
SUSE	openSUSE Leap	openSUSE Leap 15.4
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time Extension 12-SP5
SUSE	N/A	SUSE Linux Enterprise Module for Realtime 15-SP3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.2
SUSE	SUSE Manager Server	SUSE Manager Server 4.2
SUSE	N/A	SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP5
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.1
SUSE	N/A	SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time 15-SP3
SUSE	SUSE Linux Enterprise Desktop	SUSE Linux Enterprise Desktop 15-SP3
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE	N/A	SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15-SP3
SUSE	SUSE Linux Enterprise Desktop	SUSE Linux Enterprise Desktop 12-SP5
SUSE	N/A	SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 12-SP5

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE suse-su-20221686-1 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20221669-1 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20221668-1 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20221687-1 du 16 mai 2022	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20221676-1 du 16 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise High Availability 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Retail Branch Server 4.2",
      "product": {
        "name": "SUSE Manager Retail Branch Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Proxy 4.2",
      "product": {
        "name": "SUSE Manager Proxy",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap 15.4",
      "product": {
        "name": "openSUSE Leap",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Real Time",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Realtime 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.2",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Server 4.2",
      "product": {
        "name": "SUSE Manager Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.1",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Public Cloud 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Real Time 15-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Real Time",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Desktop 15-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Desktop",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Desktop 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Desktop",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Realtime Extension 15-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-26701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26701"
    },
    {
      "name": "CVE-2022-26722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26722"
    },
    {
      "name": "CVE-2022-26769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26769"
    },
    {
      "name": "CVE-2022-26761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26761"
    },
    {
      "name": "CVE-2021-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
    },
    {
      "name": "CVE-2022-26751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26751"
    },
    {
      "name": "CVE-2022-26702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
    },
    {
      "name": "CVE-2022-26693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26693"
    },
    {
      "name": "CVE-2022-26700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26700"
    },
    {
      "name": "CVE-2022-26753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26753"
    },
    {
      "name": "CVE-2022-26763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26763"
    },
    {
      "name": "CVE-2022-26776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26776"
    },
    {
      "name": "CVE-2022-26772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26772"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2022-26756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26756"
    },
    {
      "name": "CVE-2022-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
    },
    {
      "name": "CVE-2022-26766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26766"
    },
    {
      "name": "CVE-2022-26744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26744"
    },
    {
      "name": "CVE-2022-26770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26770"
    },
    {
      "name": "CVE-2022-26739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26739"
    },
    {
      "name": "CVE-2022-22589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22589"
    },
    {
      "name": "CVE-2022-26723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26723"
    },
    {
      "name": "CVE-2022-22674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"
    },
    {
      "name": "CVE-2022-26760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26760"
    },
    {
      "name": "CVE-2022-26754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26754"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-26740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26740"
    },
    {
      "name": "CVE-2022-26762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26762"
    },
    {
      "name": "CVE-2022-26717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26717"
    },
    {
      "name": "CVE-2022-26708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26708"
    },
    {
      "name": "CVE-2022-24765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
    },
    {
      "name": "CVE-2022-26711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26711"
    },
    {
      "name": "CVE-2022-26764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26764"
    },
    {
      "name": "CVE-2022-26765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26765"
    },
    {
      "name": "CVE-2022-26775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26775"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2022-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
    },
    {
      "name": "CVE-2022-26742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26742"
    },
    {
      "name": "CVE-2022-22665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
    },
    {
      "name": "CVE-2022-0530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
    },
    {
      "name": "CVE-2022-22677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22677"
    },
    {
      "name": "CVE-2022-22673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22673"
    },
    {
      "name": "CVE-2022-26768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2022-26738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26738"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2022-26719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26719"
    },
    {
      "name": "CVE-2022-22675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"
    },
    {
      "name": "CVE-2022-26720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26720"
    },
    {
      "name": "CVE-2022-26698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26698"
    },
    {
      "name": "CVE-2022-26748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26748"
    },
    {
      "name": "CVE-2022-26749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26749"
    },
    {
      "name": "CVE-2022-26714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26714"
    },
    {
      "name": "CVE-2022-26747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26747"
    },
    {
      "name": "CVE-2022-26726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26726"
    },
    {
      "name": "CVE-2022-22719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
    },
    {
      "name": "CVE-2022-26704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
    },
    {
      "name": "CVE-2022-26755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26755"
    },
    {
      "name": "CVE-2022-26725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26725"
    },
    {
      "name": "CVE-2021-45444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45444"
    },
    {
      "name": "CVE-2022-23308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
    },
    {
      "name": "CVE-2022-22663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22663"
    },
    {
      "name": "CVE-2022-26721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26721"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-26741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26741"
    },
    {
      "name": "CVE-2022-26728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26728"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2021-44224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
    },
    {
      "name": "CVE-2022-26743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26743"
    },
    {
      "name": "CVE-2022-26727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26727"
    },
    {
      "name": "CVE-2022-26737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26737"
    },
    {
      "name": "CVE-2022-26736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26736"
    },
    {
      "name": "CVE-2022-26715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26715"
    },
    {
      "name": "CVE-2022-26731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26731"
    },
    {
      "name": "CVE-2022-26767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26767"
    },
    {
      "name": "CVE-2022-26771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26771"
    },
    {
      "name": "CVE-2015-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4142"
    },
    {
      "name": "CVE-2022-26724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26724"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2022-26752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26752"
    },
    {
      "name": "CVE-2022-26706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26706"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2022-26750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26750"
    },
    {
      "name": "CVE-2021-46059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
    },
    {
      "name": "CVE-2022-26745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26745"
    },
    {
      "name": "CVE-2022-26746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26746"
    },
    {
      "name": "CVE-2022-26716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26716"
    },
    {
      "name": "CVE-2022-26712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26712"
    },
    {
      "name": "CVE-2022-26710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26710"
    },
    {
      "name": "CVE-2022-26718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26718"
    },
    {
      "name": "CVE-2022-26694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26694"
    },
    {
      "name": "CVE-2022-26703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26703"
    },
    {
      "name": "CVE-2022-26697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26697"
    },
    {
      "name": "CVE-2022-26709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26709"
    },
    {
      "name": "CVE-2022-26757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26757"
    }
  ],
  "initial_release_date": "2022-05-17T00:00:00",
  "last_revision_date": "2022-05-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-467",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221686-1 du 16 mai 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221686-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221669-1 du 16 mai 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221669-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221668-1 du 16 mai 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221668-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221687-1 du 16 mai 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221687-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221676-1 du 16 mai 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221676-1/"
    }
  ]
}

var-202205-1307

Vulnerability from variot

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.5 and iPadOS 15.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-05-16-5 watchOS 8.6

watchOS 8.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213253. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22675: an anonymous researcher

DriverKit Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

IOMobileFrameBuffer Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)

Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel Available for: Apple Watch Series 3 and later Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel Available for: Apple Watch Series 3 and later Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices Available for: Apple Watch Series 3 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2 Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308

Security Available for: Apple Watch Series 3 and later Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

TCC Available for: Apple Watch Series 3 and later Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher

WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki

WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori

WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Wi-Fi Available for: Apple Watch Series 3 and later Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher

Additional recognition

AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhhgaBAAq/igmuSba0Occu1TcS6aXG50gjUZyJXPu7/UVVWI4icwz+c/ruKquy/w XuiT+C2Q6CJIWn2qM+hHrHtgsi3EYI6XxrbgcLgmvGvbwICs9RwHyHc1ztSyurTe ys8gJkc+/nZWPKR4dy7JUl8NdjoTWuUyGVE9xOJQeISND5xUoDz2i9d8FKgkZta6 FoJlIWCDuNq01vgcAfKSZqPX2mEPMnWL47Q6g69PXIs34iBcOrHNesZ/mH/jz5Nz aAnisEj9gC0+KERoMSmGoBrYmP7kr/DmVBEwa9cDA0rGfNntgNliQ7wbLxnT8kJG rJARAyLPtPsygs7UmnkDaNDkI/a63dIRWwPIKUOQYtKKqwNL5GSoytdk/OhRGjmN Hi7k1GmvGiJA7bFI3PIQDSi3YSC1cs9CeyIL2rNUSVmRZ7jHlXxlDQYH1/ad4DU1 TqVw9Rwg0mlc0tYKUNjChg/uAK1G5OGidxtLRt0FzUaXvPoVLe0/btYeaH6ijfU9 i1W+xJ8jGgWddP7r1HvNeN6B+WGuIEcla+GNduEV3+AcnxL9h6FP8sAzQuTHQtKC AkqUO1G20ieIQHKJPNEIpgLlrCFYVajDfRtB9zGDme6aBZNHxefOWMMxdKfnspj2 MtFpJ9qPmpnRITjCF5z1RDfqFjXUZvePcRA6rS1Lq4ClgQ575yI= =zdvf -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1307",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.6"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.5"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.5"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.5"
      },
      {
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "watchos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26771"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167193"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2022-26771",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-26771",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-417440",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-26771",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-26771",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-26771",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-26771",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-3496",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-417440",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417440"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26771"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.5 and iPadOS 15.5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-5 watchOS 8.6\n\nwatchOS 8.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213253. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2022-22675: an anonymous researcher\n\nDriverKit\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nImageIO\nAvailable for: Apple Watch Series 3 and later\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nIOMobileFrameBuffer\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: Apple Watch Series 3 and later\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibxml2\nAvailable for: Apple Watch Series 3 and later\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nSecurity\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWi-Fi\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641  To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\".  Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p\nrhhgaBAAq/igmuSba0Occu1TcS6aXG50gjUZyJXPu7/UVVWI4icwz+c/ruKquy/w\nXuiT+C2Q6CJIWn2qM+hHrHtgsi3EYI6XxrbgcLgmvGvbwICs9RwHyHc1ztSyurTe\nys8gJkc+/nZWPKR4dy7JUl8NdjoTWuUyGVE9xOJQeISND5xUoDz2i9d8FKgkZta6\nFoJlIWCDuNq01vgcAfKSZqPX2mEPMnWL47Q6g69PXIs34iBcOrHNesZ/mH/jz5Nz\naAnisEj9gC0+KERoMSmGoBrYmP7kr/DmVBEwa9cDA0rGfNntgNliQ7wbLxnT8kJG\nrJARAyLPtPsygs7UmnkDaNDkI/a63dIRWwPIKUOQYtKKqwNL5GSoytdk/OhRGjmN\nHi7k1GmvGiJA7bFI3PIQDSi3YSC1cs9CeyIL2rNUSVmRZ7jHlXxlDQYH1/ad4DU1\nTqVw9Rwg0mlc0tYKUNjChg/uAK1G5OGidxtLRt0FzUaXvPoVLe0/btYeaH6ijfU9\ni1W+xJ8jGgWddP7r1HvNeN6B+WGuIEcla+GNduEV3+AcnxL9h6FP8sAzQuTHQtKC\nAkqUO1G20ieIQHKJPNEIpgLlrCFYVajDfRtB9zGDme6aBZNHxefOWMMxdKfnspj2\nMtFpJ9qPmpnRITjCF5z1RDfqFjXUZvePcRA6rS1Lq4ClgQ575yI=\n=zdvf\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "db": "VULHUB",
        "id": "VHN-417440"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26771"
      },
      {
        "db": "PACKETSTORM",
        "id": "167193"
      }
    ],
    "trust": 1.89
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-417440",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417440"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-26771",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "167193",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051708",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2410",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3496",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-417440",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26771",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417440"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "db": "PACKETSTORM",
        "id": "167193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26771"
      }
    ]
  },
  "id": "VAR-202205-1307",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417440"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:26:20.606000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213254 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT213253"
      },
      {
        "title": "Apple tvOS Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193022"
      },
      {
        "title": "Apple: iOS 15.5 and iPadOS 15.5",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f66f27c9aed3f1df2b9271d627617604"
      },
      {
        "title": "Apple: watchOS 8.6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6bd411659b23f6a36cfd1c59cf69e092"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-26771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417440"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26771"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht213254"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213253"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213258"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26771"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38380"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051708"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167193/apple-security-advisory-2022-05-16-5.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2410"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-26771/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht213258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26764"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26745"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26765"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213253."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26757"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26763"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht201222."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-417440"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "db": "PACKETSTORM",
        "id": "167193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26771"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-417440"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "db": "PACKETSTORM",
        "id": "167193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26771"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-417440"
      },
      {
        "date": "2023-08-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "date": "2022-05-17T17:06:32",
        "db": "PACKETSTORM",
        "id": "167193"
      },
      {
        "date": "2022-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      },
      {
        "date": "2022-05-26T20:15:09.930000",
        "db": "NVD",
        "id": "CVE-2022-26771"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-417440"
      },
      {
        "date": "2023-08-21T06:38:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      },
      {
        "date": "2022-06-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      },
      {
        "date": "2024-11-21T06:54:28.403000",
        "db": "NVD",
        "id": "CVE-2022-26771"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Apple\u00a0 Out-of-bounds write vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011250"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3496"
      }
    ],
    "trust": 0.6
  }
}

gsd-2022-26771

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-26771

Aliases

CVE-2022-26771

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-26771",
    "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.",
    "id": "GSD-2022-26771"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-26771"
      ],
      "details": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.",
      "id": "GSD-2022-26771",
      "modified": "2023-12-13T01:19:38.879754Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2022-26771",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A malicious application may be able to execute arbitrary code with kernel privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213258",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213258"
          },
          {
            "name": "https://support.apple.com/en-us/HT213253",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213253"
          },
          {
            "name": "https://support.apple.com/en-us/HT213254",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213254"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2022-26771"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213254",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213254"
            },
            {
              "name": "https://support.apple.com/en-us/HT213253",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213253"
            },
            {
              "name": "https://support.apple.com/en-us/HT213258",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213258"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-07T21:14Z",
      "publishedDate": "2022-05-26T20:15Z"
    }
  }
}

ghsa-7wfh-9fp9-8cww

Vulnerability from github

Published

2022-05-27 00:00

Modified

2022-06-08 00:00

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-26771"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-26T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-7wfh-9fp9-8cww",
  "modified": "2022-06-08T00:00:32Z",
  "published": "2022-05-27T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26771"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213253"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213254"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213258"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-26771 (GCVE-0-2022-26771)

Vulnerability from cvelistv5

fkie_cve-2022-26771

Vulnerability from fkie_nvd

CERTFR-2022-AVI-466

Vulnerability from certfr_avis

Solution

CERTFR-2022-AVI-467

Vulnerability from certfr_avis

Solution

var-202205-1307

Vulnerability from variot

gsd-2022-26771

Vulnerability from gsd

ghsa-7wfh-9fp9-8cww

Vulnerability from github

Tags

Sightings

Nomenclature