Apple macOS vulnerabilities

3,135 known vulnerabilities affecting apple/macos.

Total CVEs: 3,135
CISA KEV: 75 (actively exploited)
Public exploits: 44
Exploited in wild: 61
Severity breakdown: CRITICAL 203, HIGH 1362, MEDIUM 1421, LOW 149

Vulnerabilities

CVE-2022-26767 | MEDIUM | CVSS 5.5 | ≥ 11.0, < 11.6.6; ≥ 12.0, < 12.4; +2 more | 2022-05-26
CVE-2022-26767 [MEDIUM] CWE-863: The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
nvd
CVE-2022-26766 | MEDIUM | CVSS 5.5 | ≥ 11.0, < 11.6.6; ≥ 12.0, < 12.4 | 2022-05-26
CVE-2022-26766 [MEDIUM] CWE-295: A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
nvd
CVE-2022-22662 | MEDIUM | CVSS 6.5 | ≥ 11.0, < 11.6.5; ≥ unspecified, < 11.6; +1 more | 2022-05-26
CVE-2022-22662 [MEDIUM]: A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.
nvd
CVE-2022-26691 | MEDIUM | CVSS 6.7 | ≥ 11.0, < 11.6.5; fixed in 12.3; +3 more | 2022-05-26
CVE-2022-26691 [MEDIUM] CWE-697: A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
nvd
CVE-2022-26690 | MEDIUM | CVSS 4.7 | ≥ 12.0.0, < 12.3; ≥ unspecified, < 12.3 | 2022-05-26
CVE-2022-26690 [MEDIUM] CWE-362: Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system.
nvd
CVE-2022-22674 | MEDIUM | CVSS 5.5 | KEV | ≥ 11.0, < 11.6.6; ≥ 12.0.0, < 12.3.1; +3 more | 2022-05-26
CVE-2022-22674 [MEDIUM] CWE-125: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.
nvd
CVE-2022-26765 | MEDIUM | CVSS 4.7 | ≥ 12.0, < 12.4 | 2022-05-26
CVE-2022-26765 [MEDIUM] CWE-362: A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
nvd
CVE-2022-22676 | MEDIUM | CVSS 5.5 | ≥ 12.0.0, < 12.2; ≥ unspecified, < 12.2 | 2022-05-26
CVE-2022-22676 [MEDIUM]: An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.
nvd
CVE-2022-26725 | MEDIUM | CVSS 5.3 | ≥ 12.0, < 12.4; ≥ unspecified, < 12.4 | 2022-05-26
CVE-2022-26725 [MEDIUM]: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector.
nvd
CVE-2022-26726 | MEDIUM | CVSS 6.5 | ≥ 11.0, < 11.6.6; ≥ 12.0, < 12.4 | 2022-05-26
CVE-2022-26726 [MEDIUM]: This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
nvd
CVE-2022-26727 | MEDIUM | CVSS 5.5 | ≥ 12.0, < 12.4; ≥ unspecified, < 12.4 | 2022-05-26
CVE-2022-26727 [MEDIUM]: This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.
nvd
CVE-2022-1851 | HIGH | CVSS 7.8 | fixed in 13.0 | 2022-05-25
CVE-2022-1851 [HIGH] CWE-125: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-29181 | HIGH | CVSS 8.2 | ≥ 13.0, < 13.1 | 2022-05-20
CVE-2022-29181 [HIGH] CWE-241: Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure
nvd
CVE-2022-1769 | HIGH | CVSS 7.8 | fixed in 13.0 | 2022-05-17
CVE-2022-1769 [HIGH] CWE-126: Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
nvd
CVE-2022-1735 | HIGH | CVSS 7.8 | fixed in 13.0 | 2022-05-17
CVE-2022-1735 [HIGH] CWE-120: Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
nvd
CVE-2022-1733 | HIGH | CVSS 7.8 | fixed in 13.0 | 2022-05-17
CVE-2022-1733 [HIGH] CWE-122: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
nvd
CVE-2022-1674 | MEDIUM | CVSS 5.5 | fixed in 13.0 | 2022-05-12
CVE-2022-1674 [MEDIUM] CWE-476: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
nvd
CVE-2022-1622 | MEDIUM | CVSS 5.5 | ≥ 11.0, < 11.7; ≥ 12.0, < 12.6 | 2022-05-11
CVE-2022-1622 [MEDIUM] CWE-125: LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
nvd
CVE-2022-1629 | HIGH | CVSS 7.8 | fixed in 13.0 | 2022-05-10
CVE-2022-1629 [HIGH] CWE-126: Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
nvd
CVE-2022-1621 | HIGH | CVSS 7.8 | fixed in 13.0 | 2022-05-10
CVE-2022-1621 [HIGH] CWE-122: Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
nvd