Apple Mac OSX Macintosh Operating System
By the Year
In 2023 there have been 2 vulnerabilities in Apple Mac OSX with an average score of 6.7 out of ten. Last year Mac OSX had 93 security vulnerabilities published. Right now, Mac OSX is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.39.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 2 | 6.65 |
2022 | 93 | 7.04 |
2021 | 333 | 7.18 |
2020 | 237 | 7.11 |
2019 | 304 | 7.41 |
2018 | 88 | 7.25 |
It may take a day or so for new Mac OSX vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple Mac OSX Security Vulnerabilities
This issue was addressed by removing the vulnerable code
CVE-2023-27960
7.8 - High
- May 08, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand.
A validation issue existed in the handling of symlinks
CVE-2022-22582
5.5 - Medium
- February 27, 2023
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.
insecure temporary file
A logic issue was addressed with improved state management
CVE-2022-32794
7.8 - High
- November 01, 2022
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges.
A logic issue was addressed with improved checks
CVE-2022-32910
7.5 - High
- November 01, 2022
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper.
An out-of-bounds read was addressed with improved bounds checking
CVE-2022-32831
7.1 - High
- September 23, 2022
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
Out-of-bounds Read
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-32820
7.8 - High
- September 23, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An authorization issue was addressed with improved state management
CVE-2022-32826
7.8 - High
- September 23, 2022
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.
A memory initialization issue was addressed with improved memory handling
CVE-2022-32823
5.5 - Medium
- September 23, 2022
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.
Improper Initialization
A logic issue was addressed with improved state management
CVE-2022-32819
7.8 - High
- September 23, 2022
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.
The issue was addressed with improved memory handling
CVE-2022-32815
7.8 - High
- September 23, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved file handling
CVE-2022-32807
7.1 - High
- September 23, 2022
This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.
The issue was addressed with improved handling of caches
CVE-2022-32805
5.5 - Medium
- September 23, 2022
The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information.
This issue was addressed with improved checks
CVE-2022-32800
5.5 - Medium
- September 23, 2022
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.
An out-of-bounds read issue was addressed with improved bounds checking
CVE-2022-32799
5.9 - Medium
- September 23, 2022
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.
Out-of-bounds Read
This issue was addressed with improved checks
CVE-2022-32797
7.1 - High
- September 23, 2022
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
This issue was addressed with improved checks
CVE-2022-32790
7.5 - High
- September 23, 2022
This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-32787
8.8 - High
- September 23, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
An issue in the handling of environment variables was addressed with improved validation
CVE-2022-32786
5.5 - Medium
- September 23, 2022
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.
A null pointer dereference was addressed with improved validation
CVE-2022-32785
5.5 - Medium
- September 23, 2022
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.
NULL Pointer Dereference
This issue was addressed by enabling hardened runtime
CVE-2022-32781
4.4 - Medium
- September 23, 2022
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.
An out-of-bounds read issue was addressed with improved input validation
CVE-2022-32842
7.8 - High
- September 23, 2022
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges.
Out-of-bounds Read
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-32843
7.1 - High
- September 23, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted PostScript file may result in unexpected app termination or disclosure of process memory.
Memory Corruption
The issue was addressed with improved memory handling
CVE-2022-32832
6.7 - Medium
- September 23, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved checks
CVE-2022-32847
9.1 - Critical
- September 23, 2022
This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.
An information disclosure issue was addressed by removing the vulnerable code
CVE-2022-32849
5.5 - Medium
- September 23, 2022
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
An out-of-bounds read issue was addressed with improved input validation
CVE-2022-32851
7.1 - High
- September 23, 2022
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
Out-of-bounds Read
An out-of-bounds read issue was addressed with improved input validation
CVE-2022-32853
7.1 - High
- September 23, 2022
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
Out-of-bounds Read
An access issue was addressed with improvements to the sandbox
CVE-2022-32834
5.5 - Medium
- August 24, 2022
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
A logic issue was addressed with improved state management
CVE-2022-32838
5.5 - Medium
- August 24, 2022
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.
The issue was addressed with improved bounds checks
CVE-2022-32839
9.8 - Critical
- August 24, 2022
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app termination or arbitrary code execution.
This issue was addressed by using HTTPS when sending information over the network
CVE-2022-32857
4.3 - Medium
- August 24, 2022
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user's activity.
The issue was addressed with improved memory handling
CVE-2022-32813
7.8 - High
- August 24, 2022
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2022-32812
7.8 - High
- August 24, 2022
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.
A memory corruption vulnerability was addressed with improved locking
CVE-2022-32811
7.8 - High
- August 24, 2022
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.
Buffer Overflow
This issue was addressed with improved checks
CVE-2022-32837
7.8 - High
- August 24, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114
CVE-2022-2294
8.8 - High
- July 28, 2022
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
A memory corruption issue was addressed with improved input validation
CVE-2022-26769
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds read issue was addressed with improved input validation
CVE-2022-26770
7.8 - High
- May 26, 2022
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Out-of-bounds Read
An integer overflow was addressed with improved input validation
CVE-2022-26775
9.8 - Critical
- May 26, 2022
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.
Integer Overflow or Wraparound
This issue was addressed by removing the vulnerable code
CVE-2022-26746
5.5 - Medium
- May 26, 2022
This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-26748
8.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
A memory corruption issue was addressed with improved input validation
CVE-2022-26751
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
Memory Corruption
This issue was addressed with improved environment sanitization
CVE-2022-26755
6.3 - Medium
- May 26, 2022
This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-26756
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A use after free issue was addressed with improved memory management
CVE-2022-26757
7.8 - High
- May 26, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A memory corruption issue was addressed with improved memory handling
CVE-2022-26761
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2022-26763
7.8 - High
- May 26, 2022
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
Buffer Overflow
A certificate parsing issue was addressed with improved checks
CVE-2022-26766
5.5 - Medium
- May 26, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
Improper Certificate Validation
An out-of-bounds read issue was addressed with improved input validation
CVE-2022-26697
7.1 - High
- May 26, 2022
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
Out-of-bounds Read
An out-of-bounds read issue was addressed with improved bounds checking
CVE-2022-26698
7.1 - High
- May 26, 2022
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
Out-of-bounds Read
A memory corruption issue was addressed with improved validation
CVE-2022-26714
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26715
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26720
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory initialization issue was addressed
CVE-2022-26721
7.8 - High
- May 26, 2022
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
Improper Initialization
A memory initialization issue was addressed
CVE-2022-26722
7.8 - High
- May 26, 2022
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
Improper Initialization
This issue was addressed with improved checks
CVE-2022-26726
6.5 - Medium
- May 26, 2022
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
This issue was addressed with improved entitlements
CVE-2022-26727
5.5 - Medium
- May 26, 2022
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.
This issue was addressed with improved entitlements
CVE-2022-26728
5.5 - Medium
- May 26, 2022
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files.
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks
CVE-2022-26704
7.8 - High
- May 26, 2022
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.
insecure temporary file
An issue in the handling of symlinks was addressed with improved validation
CVE-2022-26688
4.4 - Medium
- May 26, 2022
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.
insecure temporary file
This issue was addressed with improved checks
CVE-2022-22616
5.5 - Medium
- May 26, 2022
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
AuthZ
A cookie management issue was addressed with improved state management
CVE-2022-22662
6.5 - Medium
- May 26, 2022
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.
Exposure of Resource to Wrong Sphere
This issue was addressed with improved checks to prevent unauthorized actions
CVE-2022-22663
5.5 - Medium
- May 26, 2022
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks.
AuthZ
A memory corruption issue was addressed with improved memory handling
CVE-2022-22672
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds read issue existed that led to the disclosure of kernel memory
CVE-2022-22674
5.5 - Medium
- May 26, 2022
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
Out-of-bounds Read
A logic issue was addressed with improved state management
CVE-2022-26691
6.7 - Medium
- May 26, 2022
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
Improper Privilege Management
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches
CVE-2018-25032
7.5 - High
- March 25, 2022
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Memory Corruption
A validation issue was addressed with improved input sanitization
CVE-2022-22589
6.1 - Medium
- March 18, 2022
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary JavaScript.
Improper Input Validation
A logic issue was addressed with improved validation
CVE-2022-22665
7.8 - High
- March 18, 2022
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
Improper Privilege Management
An information disclosure issue was addressed with improved state management
CVE-2022-22579
7.8 - High
- March 18, 2022
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.
Exposure of Resource to Wrong Sphere
A buffer overflow issue was addressed with improved memory handling
CVE-2022-22593
7.8 - High
- March 18, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
An out-of-bounds read was addressed with improved bounds checking
CVE-2022-22627
7.1 - High
- March 18, 2022
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
Memory Corruption
A memory corruption issue was addressed with improved validation
CVE-2022-22597
7.8 - High
- March 18, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.
Memory Corruption
An out-of-bounds read was addressed with improved bounds checking
CVE-2022-22626
7.1 - High
- March 18, 2022
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
Out-of-bounds Read
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-22631
7.8 - High
- March 18, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.
Memory Corruption
A null pointer dereference was addressed with improved validation
CVE-2022-22638
6.5 - Medium
- March 18, 2022
A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.
NULL Pointer Dereference
This issue was addressed with improved checks
CVE-2022-22647
4.6 - Medium
- March 18, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.
A permissions issue was addressed with improved validation
CVE-2022-22583
5.5 - Medium
- March 18, 2022
A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.
Exposure of Resource to Wrong Sphere
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-22613
7.8 - High
- March 18, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A use after free issue was addressed with improved memory management
CVE-2022-22614
7.8 - High
- March 18, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A use after free issue was addressed with improved memory management
CVE-2022-22615
7.8 - High
- March 18, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A logic issue was addressed with improved state management
CVE-2022-22617
7.8 - High
- March 18, 2022
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.
Improper Privilege Management
An out-of-bounds read was addressed with improved input validation
CVE-2022-22625
7.1 - High
- March 18, 2022
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
Out-of-bounds Read
This issue was addressed with improved checks
CVE-2022-22648
5.5 - Medium
- March 18, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.
This issue was addressed with improved checks
CVE-2022-22650
5.5 - Medium
- March 18, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.
Improper Preservation of Permissions
An authentication issue was addressed with improved state management
CVE-2022-22656
3.3 - Low
- March 18, 2022
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previously logged-in user's desktop from the fast user switching screen.
authentication
A type confusion issue was addressed with improved state handling
CVE-2022-22661
7.8 - High
- March 18, 2022
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.
Object Type Confusion
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body
CVE-2022-22720
9.8 - Critical
- March 14, 2022
Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.
HTTP Request Smuggling
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash
CVE-2022-22719
7.5 - High
- March 14, 2022
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
Improper Initialization
If LimitXMLRequestBody is set to
CVE-2022-22721
9.1 - Critical
- March 14, 2022
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32-bit systems, an integer overflow happens which later causes out-of-bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Integer Overflow or Wraparound
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVE-2022-23308
7.5 - High
- February 26, 2022
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
Dangling pointer
In zsh before 5.8.1, an attacker
CVE-2021-45444
7.8 - High
- February 14, 2022
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
A flaw was found in Unzip
CVE-2022-0530
5.5 - Medium
- February 09, 2022
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0261
7.8 - High
- January 18, 2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Memory Corruption
vim is vulnerable to Out-of-bounds Read
CVE-2022-0128
7.8 - High
- January 06, 2022
vim is vulnerable to Out-of-bounds Read
Out-of-bounds Read
vim is vulnerable to Out-of-bounds Read
CVE-2021-4193
5.5 - Medium
- December 31, 2021
vim is vulnerable to Out-of-bounds Read
Out-of-bounds Read
vim is vulnerable to Use After Free
CVE-2021-4192
7.8 - High
- December 31, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Use After Free
CVE-2021-4187
7.8 - High
- December 29, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Use After Free
CVE-2021-4173
7.8 - High
- December 27, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Out-of-bounds Read
CVE-2021-4166
7.1 - High
- December 25, 2021
vim is vulnerable to Out-of-bounds Read
Out-of-bounds Read
