Apple Mac OSX Macintosh Operating System

This issue was addressed by removing the vulnerable code

CVE-2023-27960 7.8 - High - May 08, 2023

This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand

A validation issue existed in the handling of symlinks

CVE-2022-22582 5.5 - Medium - February 27, 2023

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.

insecure temporary file

A logic issue was addressed with improved state management

CVE-2022-32794 7.8 - High - November 01, 2022

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges.

A logic issue was addressed with improved checks

CVE-2022-32910 7.5 - High - November 01, 2022

A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper.

An out-of-bounds read was addressed with improved bounds checking

CVE-2022-32831 7.1 - High - September 23, 2022

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Out-of-bounds Read

An out-of-bounds write issue was addressed with improved input validation

CVE-2022-32820 7.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An authorization issue was addressed with improved state management

CVE-2022-32826 7.8 - High - September 23, 2022

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.

A memory initialization issue was addressed with improved memory handling

CVE-2022-32823 5.5 - Medium - September 23, 2022

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.

Improper Initialization

A logic issue was addressed with improved state management

CVE-2022-32819 7.8 - High - September 23, 2022

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.

The issue was addressed with improved memory handling

CVE-2022-32815 7.8 - High - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved file handling

CVE-2022-32807 7.1 - High - September 23, 2022

This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.

The issue was addressed with improved handling of caches

CVE-2022-32805 5.5 - Medium - September 23, 2022

The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information.

This issue was addressed with improved checks

CVE-2022-32800 5.5 - Medium - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.

An out-of-bounds read issue was addressed with improved bounds checking

CVE-2022-32799 5.9 - Medium - September 23, 2022

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2022-32797 7.1 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

This issue was addressed with improved checks

CVE-2022-32790 7.5 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-32787 8.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

An issue in the handling of environment variables was addressed with improved validation

CVE-2022-32786 5.5 - Medium - September 23, 2022

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.

A null pointer dereference was addressed with improved validation

CVE-2022-32785 5.5 - Medium - September 23, 2022

A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.

NULL Pointer Dereference

This issue was addressed by enabling hardened runtime

CVE-2022-32781 4.4 - Medium - September 23, 2022

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.

An out-of-bounds read issue was addressed with improved input validation

CVE-2022-32842 7.8 - High - September 23, 2022

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges.

Out-of-bounds Read

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-32843 7.1 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory.

Memory Corruption

The issue was addressed with improved memory handling

CVE-2022-32832 6.7 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2022-32847 9.1 - Critical - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

An information disclosure issue was addressed by removing the vulnerable code

CVE-2022-32849 5.5 - Medium - September 23, 2022

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

An out-of-bounds read issue was addressed with improved input validation

CVE-2022-32851 7.1 - High - September 23, 2022

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Out-of-bounds Read

An out-of-bounds read issue was addressed with improved input validation

CVE-2022-32853 7.1 - High - September 23, 2022

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Out-of-bounds Read

An access issue was addressed with improvements to the sandbox

CVE-2022-32834 5.5 - Medium - August 24, 2022

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

A logic issue was addressed with improved state management

CVE-2022-32838 5.5 - Medium - August 24, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.

The issue was addressed with improved bounds checks

CVE-2022-32839 9.8 - Critical - August 24, 2022

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app termination or arbitrary code execution.

This issue was addressed by using HTTPS when sending information over the network

CVE-2022-32857 4.3 - Medium - August 24, 2022

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a users activity.

The issue was addressed with improved memory handling

CVE-2022-32813 7.8 - High - August 24, 2022

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32812 7.8 - High - August 24, 2022

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

A memory corruption vulnerability was addressed with improved locking

CVE-2022-32811 7.8 - High - August 24, 2022

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

Buffer Overflow

This issue was addressed with improved checks

CVE-2022-32837 7.8 - High - August 24, 2022

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114

CVE-2022-2294 8.8 - High - July 28, 2022

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

A memory corruption issue was addressed with improved input validation

CVE-2022-26769 7.8 - High - May 26, 2022

A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds read issue was addressed with improved input validation

CVE-2022-26770 7.8 - High - May 26, 2022

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

Out-of-bounds Read

An integer overflow was addressed with improved input validation

CVE-2022-26775 9.8 - Critical - May 26, 2022

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.

Integer Overflow or Wraparound

This issue was addressed by removing the vulnerable code

CVE-2022-26746 5.5 - Medium - May 26, 2022

This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.

An out-of-bounds write issue was addressed with improved input validation

CVE-2022-26748 8.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved input validation

CVE-2022-26751 7.8 - High - May 26, 2022

A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

This issue was addressed with improved environment sanitization

CVE-2022-26755 6.3 - Medium - May 26, 2022

This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.

An out-of-bounds write issue was addressed with improved input validation

CVE-2022-26756 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2022-26757 7.8 - High - May 26, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.

Dangling pointer

A memory corruption issue was addressed with improved memory handling

CVE-2022-26761 7.8 - High - May 26, 2022

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2022-26763 7.8 - High - May 26, 2022

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.

Buffer Overflow

A certificate parsing issue was addressed with improved checks

CVE-2022-26766 5.5 - Medium - May 26, 2022

A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.

Improper Certificate Validation

An out-of-bounds read issue was addressed with improved input validation

CVE-2022-26697 7.1 - High - May 26, 2022

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Out-of-bounds Read

An out-of-bounds read issue was addressed with improved bounds checking

CVE-2022-26698 7.1 - High - May 26, 2022

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Out-of-bounds Read

A memory corruption issue was addressed with improved validation

CVE-2022-26714 7.8 - High - May 26, 2022

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-26715 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-26720 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A memory initialization issue was addressed

CVE-2022-26721 7.8 - High - May 26, 2022

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.

Improper Initialization

A memory initialization issue was addressed

CVE-2022-26722 7.8 - High - May 26, 2022

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.

Improper Initialization

This issue was addressed with improved checks

CVE-2022-26726 6.5 - Medium - May 26, 2022

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.

This issue was addressed with improved entitlements

CVE-2022-26727 5.5 - Medium - May 26, 2022

This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.

This issue was addressed with improved entitlements

CVE-2022-26728 5.5 - Medium - May 26, 2022

This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files.

A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks

CVE-2022-26704 7.8 - High - May 26, 2022

A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.

insecure temporary file

An issue in the handling of symlinks was addressed with improved validation

CVE-2022-26688 4.4 - Medium - May 26, 2022

An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.

insecure temporary file

This issue was addressed with improved checks

CVE-2022-22616 5.5 - Medium - May 26, 2022

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.

AuthZ

A cookie management issue was addressed with improved state management

CVE-2022-22662 6.5 - Medium - May 26, 2022

A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.

Exposure of Resource to Wrong Sphere

This issue was addressed with improved checks to prevent unauthorized actions

CVE-2022-22663 5.5 - Medium - May 26, 2022

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks.

AuthZ

A memory corruption issue was addressed with improved memory handling

CVE-2022-22672 7.8 - High - May 26, 2022

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds read issue existed that led to the disclosure of kernel memory

CVE-2022-22674 5.5 - Medium - May 26, 2022

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.

Out-of-bounds Read

A logic issue was addressed with improved state management

CVE-2022-26691 6.7 - Medium - May 26, 2022

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

Improper Privilege Management

zlib before 1.2.12 allows memory corruption when deflating (i.e

CVE-2018-25032 7.5 - High - March 25, 2022

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Memory Corruption

A validation issue was addressed with improved input sanitization

CVE-2022-22589 6.1 - Medium - March 18, 2022

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

Improper Input Validation

A logic issue was addressed with improved validation

CVE-2022-22665 7.8 - High - March 18, 2022

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

Improper Privilege Management

An information disclosure issue was addressed with improved state management

CVE-2022-22579 7.8 - High - March 18, 2022

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.

Exposure of Resource to Wrong Sphere

A buffer overflow issue was addressed with improved memory handling

CVE-2022-22593 7.8 - High - March 18, 2022

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.

Classic Buffer Overflow

An out-of-bounds read was addressed with improved bounds checking

CVE-2022-22627 7.1 - High - March 18, 2022

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Memory Corruption

A memory corruption issue was addressed with improved validation

CVE-2022-22597 7.8 - High - March 18, 2022

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved bounds checking

CVE-2022-22626 7.1 - High - March 18, 2022

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Out-of-bounds Read

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-22631 7.8 - High - March 18, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.

Memory Corruption

A null pointer dereference was addressed with improved validation

CVE-2022-22638 6.5 - Medium - March 18, 2022

A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.

NULL Pointer Dereference

This issue was addressed with improved checks

CVE-2022-22647 4.6 - Medium - March 18, 2022

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.

A permissions issue was addressed with improved validation

CVE-2022-22583 5.5 - Medium - March 18, 2022

A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.

Exposure of Resource to Wrong Sphere

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-22613 7.8 - High - March 18, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2022-22614 7.8 - High - March 18, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

Dangling pointer

A use after free issue was addressed with improved memory management

CVE-2022-22615 7.8 - High - March 18, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

Dangling pointer

A logic issue was addressed with improved state management

CVE-2022-22617 7.8 - High - March 18, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.

Improper Privilege Management

An out-of-bounds read was addressed with improved input validation

CVE-2022-22625 7.1 - High - March 18, 2022

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2022-22648 5.5 - Medium - March 18, 2022

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.

This issue was addressed with improved checks

CVE-2022-22650 5.5 - Medium - March 18, 2022

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.

Improper Preservation of Permissions

An authentication issue was addressed with improved state management

CVE-2022-22656 3.3 - Low - March 18, 2022

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in users desktop from the fast user switching screen.

authentification

A type confusion issue was addressed with improved state handling

CVE-2022-22661 7.8 - High - March 18, 2022

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.

Object Type Confusion

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body

CVE-2022-22720 9.8 - Critical - March 14, 2022

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

HTTP Request Smuggling

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash

CVE-2022-22719 7.5 - High - March 14, 2022

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

Improper Initialization

If LimitXMLRequestBody is set to

CVE-2022-22721 9.1 - Critical - March 14, 2022

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Integer Overflow or Wraparound

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

CVE-2022-23308 7.5 - High - February 26, 2022

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Dangling pointer

In zsh before 5.8.1, an attacker

CVE-2021-45444 7.8 - High - February 14, 2022

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

A flaw was found in Unzip

CVE-2022-0530 5.5 - Medium - February 09, 2022

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0261 7.8 - High - January 18, 2022

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Memory Corruption

vim is vulnerable to Out-of-bounds Read

CVE-2022-0128 7.8 - High - January 06, 2022

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

vim is vulnerable to Out-of-bounds Read

CVE-2021-4193 5.5 - Medium - December 31, 2021

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

vim is vulnerable to Use After Free

CVE-2021-4192 7.8 - High - December 31, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Use After Free

CVE-2021-4187 7.8 - High - December 29, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Use After Free

CVE-2021-4173 7.8 - High - December 27, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Out-of-bounds Read

CVE-2021-4166 7.1 - High - December 25, 2021

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read