Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2022-2313
Vulnerability from csaf_certbund
Published
2022-12-13 23:00
Modified
2024-01-31 23:00
Summary
Apple macOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um den Benutzer zu täuschen, Informationen offenzulegen, Sicherheitsmechanismen zu umgehen, Rechte zu erweitern und beliebigen Code mit Kernel-Rechten auszuführen.
Betroffene Betriebssysteme
- MacOS X
{ document: { aggregate_severity: { text: "kritisch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um den Benutzer zu täuschen, Informationen offenzulegen, Sicherheitsmechanismen zu umgehen, Rechte zu erweitern und beliebigen Code mit Kernel-Rechten auszuführen.", title: "Angriff", }, { category: "general", text: "- MacOS X", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-2313 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2313.json", }, { category: "self", summary: "WID-SEC-2022-2313 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2313", }, { category: "external", summary: "Apple Security Advisory HT213532 vom 2022-12-13", url: "https://support.apple.com/de-de/HT213532", }, { category: "external", summary: "Apple Security Advisory HT213533 vom 2022-12-13", url: "https://support.apple.com/de-de/HT213533", }, { category: "external", summary: "Apple Security Advisory HT213534 vom 2022-12-13", url: "https://support.apple.com/de-de/HT213534", }, { category: "external", summary: "CISA Known Exploited Vulnerabilities Catalog vom 2024-01-31", url: "https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog", }, ], source_lang: "en-US", title: "Apple macOS: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-31T23:00:00.000+00:00", generator: { date: "2024-08-15T17:39:54.708+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-2313", initial_release_date: "2022-12-13T23:00:00.000+00:00", revision_history: [ { date: "2022-12-13T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-12-20T23:00:00.000+00:00", number: "2", summary: "Name \"Achilles\" für CVE-2022-42821 aufgenommen", }, { date: "2023-04-10T22:00:00.000+00:00", number: "3", summary: "CVE ergänzt", }, { date: "2023-04-13T22:00:00.000+00:00", number: "4", summary: "CVE Nummern ergänzt", }, { date: "2024-01-31T23:00:00.000+00:00", number: "5", summary: "CVE-2022-48618 ergänzt, wird aktiv ausgenutzt", }, ], status: "final", version: "5", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Apple macOS Ventura < 13.1", product: { name: "Apple macOS Ventura < 13.1", product_id: "T025600", product_identification_helper: { cpe: "cpe:/o:apple:mac_os:13.1", }, }, }, { category: "product_name", name: "Apple macOS Monterey < 12.6.2", product: { name: "Apple macOS Monterey < 12.6.2", product_id: "T025601", product_identification_helper: { cpe: "cpe:/o:apple:mac_os:12.6.2", }, }, }, { category: "product_name", name: "Apple macOS Big Sur < 11.7.2", product: { name: "Apple macOS Big Sur < 11.7.2", product_id: "T025603", product_identification_helper: { cpe: "cpe:/o:apple:mac_os:11.7.2", }, }, }, ], category: "product_name", name: "macOS", }, ], category: "vendor", name: "Apple", }, ], }, vulnerabilities: [ { cve: "CVE-2022-48618", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-48618", }, { cve: "CVE-2022-46720", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46720", }, { cve: "CVE-2022-46716", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46716", }, { cve: "CVE-2022-46705", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46705", }, { cve: "CVE-2022-46704", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46704", }, { cve: "CVE-2022-46703", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46703", }, { cve: "CVE-2022-46701", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46701", }, { cve: "CVE-2022-46700", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46700", }, { cve: "CVE-2022-46699", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46699", }, { cve: "CVE-2022-46698", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46698", }, { cve: "CVE-2022-46697", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46697", }, { cve: "CVE-2022-46696", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46696", }, { cve: "CVE-2022-46695", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46695", }, { cve: "CVE-2022-46693", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46693", }, { cve: "CVE-2022-46692", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46692", }, { cve: "CVE-2022-46691", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46691", }, { cve: "CVE-2022-46690", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46690", }, { cve: "CVE-2022-46689", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-46689", }, { cve: "CVE-2022-42867", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42867", }, { cve: "CVE-2022-42866", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42866", }, { cve: "CVE-2022-42865", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42865", }, { cve: "CVE-2022-42864", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42864", }, { cve: "CVE-2022-42863", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42863", }, { cve: "CVE-2022-42862", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42862", }, { cve: "CVE-2022-42861", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42861", }, { cve: "CVE-2022-42859", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42859", }, { cve: "CVE-2022-42858", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42858", }, { cve: "CVE-2022-42856", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42856", }, { cve: "CVE-2022-42855", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42855", }, { cve: "CVE-2022-42854", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42854", }, { cve: "CVE-2022-42853", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42853", }, { cve: "CVE-2022-42852", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42852", }, { cve: "CVE-2022-42847", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42847", }, { cve: "CVE-2022-42845", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42845", }, { cve: "CVE-2022-42843", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42843", }, { cve: "CVE-2022-42842", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42842", }, { cve: "CVE-2022-42841", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42841", }, { cve: "CVE-2022-42840", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42840", }, { cve: "CVE-2022-42837", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42837", }, { cve: "CVE-2022-42821", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-42821", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-32943", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-32943", }, { cve: "CVE-2022-32942", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-32942", }, { cve: "CVE-2022-29181", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-29181", }, { cve: "CVE-2022-24836", notes: [ { category: "description", text: "In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.", }, ], release_date: "2022-12-13T23:00:00.000+00:00", title: "CVE-2022-24836", }, ], }
cve-2022-42845
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app with root privileges may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42845", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.207Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46695
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.550Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.", }, ], problemTypes: [ { descriptions: [ { description: "Visiting a website that frames malicious content may lead to UI spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46695", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-07T00:00:00", dateUpdated: "2024-08-03T14:39:38.550Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46692
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iCloud for Windows |
Version: unspecified < 14.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.222Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213538", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iCloud for Windows", vendor: "Apple", versions: [ { lessThan: "14.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may bypass Same Origin Policy", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:09:55.806Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213538", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46692", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:50.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46698
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213538", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iCloud for Windows", vendor: "Apple", versions: [ { lessThan: "14.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may disclose sensitive user information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:10:14.768Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213538", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46698", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:50.884Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42821
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:04.816Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213488", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.", }, ], problemTypes: [ { descriptions: [ { description: "An app may bypass Gatekeeper checks", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213488", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42821", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:04.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46703
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2025-02-11 17:18
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213533", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-46703", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T17:18:44.713646Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T17:18:48.646Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to read sensitive location information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T00:00:00.000Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/kb/HT213533", }, { url: "https://support.apple.com/kb/HT213536", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46703", datePublished: "2023-04-10T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-02-11T17:18:48.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42853
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213533", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-12T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/kb/HT213533", }, { url: "https://support.apple.com/en-us/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42853", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.343Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29181
Vulnerability from cvelistv5
Published
2022-05-20 00:00
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sparklemotion | nokogiri |
Version: < 1.13.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:17:54.244Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m", }, { tags: [ "x_transferred", ], url: "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", }, { tags: [ "x_transferred", ], url: "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6", }, { tags: [ "x_transferred", ], url: "https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/", }, { name: "GLSA-202208-29", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-29", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "nokogiri", vendor: "sparklemotion", versions: [ { status: "affected", version: "< 1.13.6", }, ], }, ], descriptions: [ { lang: "en", value: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-241", description: "CWE-241: Improper Handling of Unexpected Data Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m", }, { url: "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", }, { url: "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6", }, { url: "https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/", }, { name: "GLSA-202208-29", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202208-29", }, { url: "https://support.apple.com/kb/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], source: { advisory: "GHSA-xh29-r2w5-wx8m", discovery: "UNKNOWN", }, title: "Improper Handling of Unexpected Data Type in Nokogiri", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-29181", datePublished: "2022-05-20T00:00:00", dateReserved: "2022-04-13T00:00:00", dateUpdated: "2024-08-03T06:17:54.244Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42864
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 11.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.391Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42864", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.391Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46696
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46696", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-07T00:00:00", dateUpdated: "2024-08-03T14:39:38.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40303
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:40.053Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", }, { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221209-0003/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213533", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213535", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", }, { url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0", }, { url: "https://security.netapp.com/advisory/ntap-20221209-0003/", }, { url: "https://support.apple.com/kb/HT213534", }, { url: "https://support.apple.com/kb/HT213533", }, { url: "https://support.apple.com/kb/HT213531", }, { url: "https://support.apple.com/kb/HT213536", }, { url: "https://support.apple.com/kb/HT213535", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-40303", datePublished: "2022-11-22T00:00:00", dateReserved: "2022-09-09T00:00:00", dateUpdated: "2024-08-03T12:14:40.053Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46690
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.471Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46690", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-07T00:00:00", dateUpdated: "2024-08-03T14:39:38.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46699
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:09:53.896Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46699", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:51.404Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46689
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 11.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.273Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46689", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-07T00:00:00", dateUpdated: "2024-08-03T14:39:38.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42858
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2025-02-11 17:15
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.381Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-42858", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T17:15:09.246485Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T17:15:33.158Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-08T00:00:00.000Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42858", datePublished: "2023-04-10T00:00:00.000Z", dateReserved: "2022-10-11T00:00:00.000Z", dateUpdated: "2025-02-11T17:15:33.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46691
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:10:41.971Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46691", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:49.756Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42841
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:04.868Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted package may lead to arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42841", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:04.868Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46700
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.248Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:10:04.366Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46700", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:51.968Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46701
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.710Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46701", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-07T00:00:00", dateUpdated: "2024-08-03T14:39:38.710Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42837
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:04.843Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "A remote user may be able to cause unexpected app termination or arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-07T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/kb/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42837", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:04.843Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46716
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2025-02-11 16:17
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-46716", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T16:16:57.839124Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-11T16:17:57.400Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings", }, ], problemTypes: [ { descriptions: [ { description: "Private Relay functionality did not match system settings", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-08T00:00:00.000Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46716", datePublished: "2023-04-10T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-02-11T16:17:57.400Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42861
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.401Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42861", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.401Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40304
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:40.052Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", }, { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221209-0003/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213533", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213535", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, { url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", }, { url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b", }, { url: "https://security.netapp.com/advisory/ntap-20221209-0003/", }, { url: "https://support.apple.com/kb/HT213534", }, { url: "https://support.apple.com/kb/HT213533", }, { url: "https://support.apple.com/kb/HT213531", }, { url: "https://support.apple.com/kb/HT213536", }, { url: "https://support.apple.com/kb/HT213535", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-40304", datePublished: "2022-11-23T00:00:00", dateReserved: "2022-09-09T00:00:00", dateUpdated: "2024-08-03T12:14:40.052Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42862
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to bypass Privacy preferences", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42862", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42847
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.apple.com/en-us/HT213532 | ||
| http://seclists.org/fulldisclosure/2022/Dec/23 | mailing-list |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.112Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42847", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.112Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42843
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:04.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "A user may be able to view sensitive user information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42843", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:04.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24836
Vulnerability from cvelistv5
Published
2022-04-11 00:00
Modified
2024-09-03 12:03
Severity ?
EPSS score ?
Summary
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sparklemotion | nokogiri |
Version: < 1.13.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-09-03T12:03:46.858Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8", }, { tags: [ "x_transferred", ], url: "https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd", }, { name: "FEDORA-2022-9ed7641ce0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/", }, { name: "FEDORA-2022-132c6d7c2e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/", }, { name: "FEDORA-2022-d231cb5e1f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/", }, { name: "[debian-lts-announce] 20220513 [SECURITY] [DLA 3003-1] ruby-nokogiri security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html", }, { name: "GLSA-202208-29", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-29", }, { name: "[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { url: "https://lists.debian.org/debian-lts-announce/2024/09/msg00010.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "nokogiri", vendor: "sparklemotion", versions: [ { status: "affected", version: "< 1.13.4", }, ], }, ], descriptions: [ { lang: "en", value: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333: Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8", }, { url: "https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd", }, { name: "FEDORA-2022-9ed7641ce0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/", }, { name: "FEDORA-2022-132c6d7c2e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/", }, { name: "FEDORA-2022-d231cb5e1f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/", }, { name: "[debian-lts-announce] 20220513 [SECURITY] [DLA 3003-1] ruby-nokogiri security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html", }, { name: "GLSA-202208-29", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202208-29", }, { name: "[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html", }, { url: "https://support.apple.com/kb/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], source: { advisory: "GHSA-crjr-9rc5-ghw8", discovery: "UNKNOWN", }, title: "Inefficient Regular Expression Complexity in Nokogiri", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24836", datePublished: "2022-04-11T00:00:00", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-09-03T12:03:46.858Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42840
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:04.835Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42840", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:04.835Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46693
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.594Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213538", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iCloud for Windows", vendor: "Apple", versions: [ { lessThan: "14.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213538", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46693", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-07T00:00:00", dateUpdated: "2024-08-03T14:39:38.594Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46697
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.apple.com/en-us/HT213532 | ||
| http://seclists.org/fulldisclosure/2022/Dec/23 | mailing-list |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.335Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46697", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-07T00:00:00", dateUpdated: "2024-08-03T14:39:38.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42856
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.404Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213516", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/22", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/12/26/1", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-42856", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T21:34:19.303837Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-12-14", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-42856", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T21:38:54.411Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:11:05.606Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213516", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/22", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/12/26/1", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42856", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-10-11T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:24.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42867
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.296Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { name: "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/12/26/1", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:10:59.329Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { name: "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/12/26/1", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42867", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-10-11T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:26.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42854
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.195Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to disclose kernel memory", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42854", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.195Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42866
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to read sensitive location information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42866", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46705
Vulnerability from cvelistv5
Published
2023-02-27 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.239Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213676", }, { name: "[oss-security] 20231115 WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/15/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.", }, ], problemTypes: [ { descriptions: [ { description: "Visiting a malicious website may lead to address bar spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-15T21:06:16.893140", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/kb/HT213531", }, { url: "https://support.apple.com/kb/HT213536", }, { url: "https://support.apple.com/kb/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213537", }, { url: "https://support.apple.com/kb/HT213676", }, { name: "[oss-security] 20231115 WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/11/15/1", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46705", datePublished: "2023-02-27T00:00:00", dateReserved: "2022-12-07T00:00:00", dateUpdated: "2024-08-03T14:39:38.239Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46704
Vulnerability from cvelistv5
Published
2023-02-27 00:00
Modified
2025-03-11 14:29
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-46704", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:27:39.155534Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T14:29:05.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-27T00:00:00.000Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46704", datePublished: "2023-02-27T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-03-11T14:29:05.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48618
Vulnerability from cvelistv5
Published
2024-01-09 17:58
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "16.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "16.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "16.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-48618", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-01T05:00:06.857910Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-01-31", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-48618", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-05T19:24:46.773Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T15:17:55.511Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T17:58:59.097Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-48618", datePublished: "2024-01-09T17:58:59.097Z", dateReserved: "2024-01-05T23:19:09.977Z", dateUpdated: "2024-08-03T15:17:55.511Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46720
Vulnerability from cvelistv5
Published
2023-05-08 00:00
Modified
2025-01-29 16:19
Severity ?
EPSS score ?
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.941Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-46720", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:19:23.573064Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T16:19:27.402Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-19T00:00:00.000Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-46720", datePublished: "2023-05-08T00:00:00.000Z", dateReserved: "2022-12-07T00:00:00.000Z", dateUpdated: "2025-01-29T16:19:27.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32942
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 07:54
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:54:03.445Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-32942", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-06-09T00:00:00", dateUpdated: "2024-08-03T07:54:03.445Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42863
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.210Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { name: "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/12/26/1", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:11:02.471Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { name: "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/12/26/1", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42863", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-10-11T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:25.163Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42852
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:04.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-32", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may result in the disclosure of process memory", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T05:10:31.760Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213537", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/28", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { url: "https://security.gentoo.org/glsa/202305-32", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42852", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-10-11T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:24.038Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42865
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.353Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213534", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to bypass Privacy preferences", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-12T08:06:17.448Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, { url: "https://support.apple.com/kb/HT213534", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42865", datePublished: "2022-12-15T00:00:00.000Z", dateReserved: "2022-10-11T00:00:00.000Z", dateUpdated: "2025-02-13T16:33:25.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42855
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.206Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213531", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170518/libCoreEntitlements-CEContextQuery-Arbitrary-Entitlement-Returns.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "15.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to use arbitrary entitlements", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/kb/HT213536", }, { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213531", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/21", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { url: "http://packetstormsecurity.com/files/170518/libCoreEntitlements-CEContextQuery-Arbitrary-Entitlement-Returns.html", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42855", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32943
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 07:54
Severity ?
EPSS score ?
Summary
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:54:03.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "Shake-to-undo may allow a deleted photo to be re-surfaced without authentication", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-32943", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-06-09T00:00:00", dateUpdated: "2024-08-03T07:54:03.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42859
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.392Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to bypass Privacy preferences", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42859", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42842
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213535", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213532", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213530", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213536", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213534", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "11.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "13.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "12.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "16.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "9.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.", }, ], problemTypes: [ { descriptions: [ { description: "A remote user may be able to cause kernel code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213535", }, { url: "https://support.apple.com/en-us/HT213532", }, { url: "https://support.apple.com/en-us/HT213530", }, { url: "https://support.apple.com/en-us/HT213536", }, { url: "https://support.apple.com/en-us/HT213534", }, { url: "https://support.apple.com/en-us/HT213533", }, { name: "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/20", }, { name: "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/25", }, { name: "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/23", }, { name: "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/26", }, { name: "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/24", }, { name: "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/27", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42842", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-10-11T00:00:00", dateUpdated: "2024-08-03T13:19:05.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.