Filtered by vendor Apple Subscriptions
Filtered by product Macos Subscriptions
Total 3615 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-32797 1 Apple 2 Mac Os X, Macos 2024-11-21 7.1 High
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
CVE-2022-32796 1 Apple 1 Macos 2024-11-21 7.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32794 1 Apple 2 Mac Os X, Macos 2024-11-21 7.8 High
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges.
CVE-2022-32793 2 Apple, Fedoraproject 6 Ipados, Iphone Os, Macos and 3 more 2024-11-21 7.5 High
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
CVE-2022-32792 2 Apple, Redhat 6 Ipados, Iphone Os, Macos and 3 more 2024-11-21 8.8 High
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-32790 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2024-11-21 7.5 High
This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.
CVE-2022-32789 1 Apple 1 Macos 2024-11-21 5.5 Medium
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences.
CVE-2022-32788 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 9.8 Critical
A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution.
CVE-2022-32787 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2024-11-21 8.8 High
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-32786 1 Apple 2 Mac Os X, Macos 2024-11-21 5.5 Medium
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.
CVE-2022-32785 1 Apple 4 Ipados, Iphone Os, Mac Os X and 1 more 2024-11-21 5.5 Medium
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.
CVE-2022-32783 1 Apple 1 Macos 2024-11-21 5.5 Medium
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.
CVE-2022-32782 1 Apple 1 Macos 2024-11-21 4.4 Medium
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information.
CVE-2022-32781 1 Apple 4 Ipados, Iphone Os, Mac Os X and 1 more 2024-11-21 4.4 Medium
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.
CVE-2022-32221 6 Apple, Debian, Haxx and 3 more 16 Macos, Debian Linux, Curl and 13 more 2024-11-21 9.8 Critical
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
CVE-2022-32208 7 Apple, Debian, Fedoraproject and 4 more 21 Macos, Debian Linux, Fedora and 18 more 2024-11-21 5.9 Medium
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
CVE-2022-32207 7 Apple, Debian, Fedoraproject and 4 more 21 Macos, Debian Linux, Fedora and 18 more 2024-11-21 9.8 Critical
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
CVE-2022-32205 7 Apple, Debian, Fedoraproject and 4 more 29 Macos, Debian Linux, Fedora and 26 more 2024-11-21 4.3 Medium
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
CVE-2022-30676 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-11-21 5.5 Medium
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-30675 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-11-21 5.5 Medium
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.