Alert*
CVE-2022-42816: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
CVE-2022-42811: An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data.
CVE-2022-0392: Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVE-2022-42810: The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.
CVE-2022-0318: Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVE-2022-0714: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVE-2022-42815: This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
CVE-2022-0319: Out-of-bounds Read in vim/vim prior to 8.2.
CVE-2022-42813: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution.
CVE-2022-1769: Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
CVE-2022-42814: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
CVE-2022-42819: An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to read sensitive location information.
CVE-2022-0554: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
CVE-2022-42818: This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity.
CVE-2022-32205: A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger ...
CVE-2022-32206: curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unli ...
CVE-2022-32207: When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the ...
CVE-2022-32208: When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
CVE-2022-26730: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2022-26699: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients.
CVE-2022-42789: An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.
CVE-2021-36690: A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed ...
CVE-2022-42823: A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-2042: Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-42820: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution.
CVE-2022-0261: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-42788: A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information.
CVE-2022-42826: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-0943: Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
CVE-2022-28739: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
CVE-2022-42824: A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.
CVE-2022-42825: This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.
CVE-2022-42828: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-42829: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
CVE-2022-32833: An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.
CVE-2022-1629: Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possible remote execution.
CVE-2022-42793: An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks.
CVE-2022-42790: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen.
CVE-2022-42791: A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-42796: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges.
CVE-2022-1620: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
CVE-2022-42830: The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
CVE-2022-42795: A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2022-42833: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-42834: An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression.
CVE-2022-47965: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-42798: The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user informati ...
CVE-2022-42831: A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
CVE-2022-42799: The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.
CVE-2022-42832: A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
CVE-2022-42838: An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activated was closed.
CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.
CVE-2022-1622: LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
CVE-2022-32944: A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privile ...
CVE-2022-32945: An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.
CVE-2022-32940: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-1619: Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possible remote execution.
CVE-2022-32941: The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.
CVE-2022-32947: The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32827: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service.
CVE-2022-1851: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0361: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1616: Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.
CVE-2022-1735: Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-37434: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHea ...
CVE-2022-1733: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVE-2022-0368: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-32898: The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32931: This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information.
CVE-2022-32899: The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32934: The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution.
CVE-2022-32895: A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
CVE-2022-32935: A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.
CVE-2022-32936: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory.
CVE-2022-32938: A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.
CVE-2022-0351: Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-1968: Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-32890: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2022-32892: An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2022-1725: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-0359: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1720: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVE-2022-32888: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-32922: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-32923: A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.
CVE-2022-32883: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.
CVE-2022-0629: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-32886: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-32928: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials.
CVE-2022-32809: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
CVE-2022-32924: The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32926: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.
CVE-2022-1674: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
CVE-2022-2125: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2126: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-42860: This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system.
CVE-2022-47915: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-2124: Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2000: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-32881: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system.
CVE-2022-46707: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
CVE-2022-46709: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32876: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.
CVE-2022-32877: A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data.
CVE-2022-32911: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32879: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.
CVE-2022-32912: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-32875: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information.
CVE-2022-48577: An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
CVE-2022-32918: This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences.
CVE-2022-32913: The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.
CVE-2022-32914: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32915: A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-0696: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVE-2022-0572: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1420: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
CVE-2022-46712: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges.
CVE-2022-46713: A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.
CVE-2022-32870: A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information.
CVE-2022-1942: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2021-39537: An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
CVE-2022-32865: The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32866: The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32867: This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs.
CVE-2022-0729: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVE-2022-32862: This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.7.1, macOS Ventura 13, macOS Monterey 12.6.1. An app with root privileges may be able to access private information.
CVE-2022-32864: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory.
CVE-2022-1381: Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.
CVE-2022-32907: This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32908: A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges.
CVE-2022-32902: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.
CVE-2022-32904: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.
CVE-2022-32905: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges.
CVE-2022-0685: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
CVE-2022-42800: This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.
CVE-2022-46721: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-48504: The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
CVE-2022-42801: A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-46722: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
CVE-2022-42803: A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-1898: Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-42808: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution.
CVE-2022-42809: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution.
CVE-2022-3437: A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a ...
CVE-2022-42806: A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-1897: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-29458: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
CVE-2022-1927: Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-32858: The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state.
CVE-2022-42821: A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.