Filtered by vendor Apple
Subscriptions
Total
11603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-35260 | 4 Apple, Haxx, Netapp and 1 more | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2024-08-03 | 6.5 Medium |
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | ||||
CVE-2022-35252 | 6 Apple, Debian, Haxx and 3 more | 21 Macos, Debian Linux, Curl and 18 more | 2024-08-03 | 3.7 Low |
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. | ||||
CVE-2022-34238 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-03 | 5.5 Medium |
Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2022-34227 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-03 | 7.8 High |
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2022-34224 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-03 | 7.8 High |
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2022-33140 | 3 Apache, Apple, Linux | 4 Nifi, Nifi Registry, Macos and 1 more | 2024-08-03 | 8.8 High |
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. | ||||
CVE-2022-32946 | 1 Apple | 2 Ipados, Iphone Os | 2024-08-03 | 5.5 Medium |
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. | ||||
CVE-2022-32935 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-08-03 | 4.6 Medium |
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen. | ||||
CVE-2022-32948 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-08-03 | 7.8 High |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2022-32931 | 1 Apple | 1 Macos | 2024-08-03 | 5.5 Medium |
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | ||||
CVE-2022-32939 | 1 Apple | 2 Ipados, Iphone Os | 2024-08-03 | 7.8 High |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2022-32947 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-08-03 | 7.8 High |
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2022-32934 | 1 Apple | 1 Macos | 2024-08-03 | 8.8 High |
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution. | ||||
CVE-2022-32944 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-03 | 7.8 High |
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2022-32942 | 1 Apple | 1 Macos | 2024-08-03 | 7.8 High |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2022-32940 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-03 | 7.8 High |
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2022-32945 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-08-03 | 4.3 Medium |
An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. | ||||
CVE-2022-32943 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-08-03 | 5.3 Medium |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. | ||||
CVE-2022-32925 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-08-03 | 7.1 High |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. | ||||
CVE-2022-32938 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-08-03 | 5.3 Medium |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system. |