var-202201-0416
Vulnerability from variot

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32


                                       https://security.gentoo.org/

Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32


Synopsis

Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.

Background

Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060

Description

Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Vim users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"

All gVim users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"

All vim-core users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"

References

[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-32

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023

vim vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Vim.

Software Description: - vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4166)

It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)

It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)

It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)

It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)

It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)

It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)

It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)

It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)

It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)

It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)

It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)

It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)

It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)

It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)

It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7

Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14

Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13

Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.

Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki

Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)

Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)

AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher

AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.

AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)

ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)

ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)

ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)

Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher

Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022

AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.

Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher

CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)

ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC

Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike

curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208

Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.

DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)

DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)

Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher

FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022

Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)

Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD

GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)

Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)

Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022

Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622

Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)

IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs

IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022

Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022

Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security

Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com

MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher

Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022

ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537

ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458

Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure

Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer

PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd

ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher

ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher

ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher

ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022

Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739

Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher

Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake

Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)

Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania

Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital

Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)

SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger

Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro

SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690

Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126

Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022

WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative

WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab

zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022

Additional recognition

Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.

FaceTime We would like to acknowledge an anonymous researcher for their assistance.

FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.

Find My We would like to acknowledge an anonymous researcher for their assistance.

Identity Services We would like to acknowledge Joshua Jones for their assistance.

IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.

Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.

Mail We would like to acknowledge an anonymous researcher for their assistance.

Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.

Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.

Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.

Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.

Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.

System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.

System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.

UIKit We would like to acknowledge Aleczander Ewing for their assistance.

WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.

WebRTC We would like to acknowledge an anonymous researcher for their assistance.

macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----

. Apple is aware of a report that this issue may have been actively exploited

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0416",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "model": "vim",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vim",
        "version": "8.2.4217"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "vim",
        "scope": null,
        "trust": 0.8,
        "vendor": "vim",
        "version": null
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0368"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169551"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2022-0368",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-0368",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-413368",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-0368",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "security@huntr.dev",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-0368",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-0368",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-0368",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security@huntr.dev",
            "id": "CVE-2022-0368",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-0368",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202201-2480",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-413368",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-0368",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0368"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0368"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n    Title: Vim, gVim: Multiple Vulnerabilities\n     Date: August 21, 2022\n     Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n       ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-editors/gvim           \u003c 9.0.0060                \u003e= 9.0.0060\n  2  app-editors/vim            \u003c 9.0.0060                \u003e= 9.0.0060\n  3  app-editors/vim-core       \u003c 9.0.0060                \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An      \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n  vim                             2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n  vim                             2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n  vim                             2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n  vim                             2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-0368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "db": "VULHUB",
        "id": "VHN-413368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0368"
      },
      {
        "db": "PACKETSTORM",
        "id": "168124"
      },
      {
        "db": "PACKETSTORM",
        "id": "171934"
      },
      {
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169551"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-413368",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413368"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-0368",
        "trust": 3.9
      },
      {
        "db": "PACKETSTORM",
        "id": "169576",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2480",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060217",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022221",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1056",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5300",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169561",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169551",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-413368",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0368",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168124",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171934",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "db": "PACKETSTORM",
        "id": "168124"
      },
      {
        "db": "PACKETSTORM",
        "id": "171934"
      },
      {
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0368"
      }
    ]
  },
  "id": "VAR-202201-0416",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413368"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:03:46.843000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213444 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
      },
      {
        "title": "Vim Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183814"
      },
      {
        "title": "Red Hat: CVE-2022-0368",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0368"
      },
      {
        "title": "Ubuntu Security Notice: USN-5458-1: Vim vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5458-1"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-023",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-023"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2022-0368 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-0368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0368"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202208-32"
      },
      {
        "trust": 1.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213444"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.8,
        "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/oct/43"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
      },
      {
        "trust": 0.8,
        "url": "https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-0368"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213488"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060217"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-src-undo-c-37782"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht213488."
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-0368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5458-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6026-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213444."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "db": "PACKETSTORM",
        "id": "168124"
      },
      {
        "db": "PACKETSTORM",
        "id": "171934"
      },
      {
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0368"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-413368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "db": "PACKETSTORM",
        "id": "168124"
      },
      {
        "db": "PACKETSTORM",
        "id": "171934"
      },
      {
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0368"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-413368"
      },
      {
        "date": "2022-01-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-0368"
      },
      {
        "date": "2023-04-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "date": "2022-08-22T16:01:59",
        "db": "PACKETSTORM",
        "id": "168124"
      },
      {
        "date": "2023-04-19T13:03:56",
        "db": "PACKETSTORM",
        "id": "171934"
      },
      {
        "date": "2022-10-31T14:22:32",
        "db": "PACKETSTORM",
        "id": "169561"
      },
      {
        "date": "2022-10-31T14:42:57",
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "date": "2022-10-31T14:19:00",
        "db": "PACKETSTORM",
        "id": "169551"
      },
      {
        "date": "2022-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      },
      {
        "date": "2022-01-26T18:15:08.077000",
        "db": "NVD",
        "id": "CVE-2022-0368"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-413368"
      },
      {
        "date": "2022-11-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-0368"
      },
      {
        "date": "2023-04-10T05:38:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      },
      {
        "date": "2022-11-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      },
      {
        "date": "2024-11-21T06:38:28.443000",
        "db": "NVD",
        "id": "CVE-2022-0368"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004365"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2480"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.