Apple macOS vulnerabilities
3,135 known vulnerabilities affecting apple/macos.
Total CVEs: 3,135
CISA KEV: 75 (actively exploited)
Public exploits: 44
Exploited in wild: 61

Severity breakdown: CRITICAL 203, HIGH 1362, MEDIUM 1421, LOW 149 (total 3,135)
Vulnerabilities
Page 107 of 157
CVE-2022-22660 | MEDIUM | CVSS 5.5 | Affected: ≥ 12.0, < 12.3; ≥ unspecified, < 12.3 | Published 2022-03-18
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.
Source: nvd
CVE-2022-22599 | LOW | CVSS 2.4 | Affected: fixed in 11.6.5; ≥ 12.0.0, < 12.3; +2 more | Published 2022-03-18
A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen.
Source: nvd
CVE-2022-22656 | LOW | CVSS 3.3 | CWE-287 | Affected: ≥ 11.6, < 11.6.5; ≥ 12.0, < 12.3; +4 more | Published 2022-03-18
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user's desktop from the fast user switching screen.
Source: nvd
CVE-2022-22721 | CRITICAL | CVSS 9.1 | CWE-190 | Affected: ≥ 11.0, < 11.6.6; ≥ 12.0, < 12.4 | Published 2022-03-14
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Source: nvd
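The following is an added illustration of the bug class behind CVE-2022-22721, not Apache httpd's own code. It models a 32-bit build in which an accepted body length is scaled before being used as a buffer size, so that a length a little over 340 MiB wraps a signed 32-bit int. The scaling factor of 6, the function names (`naive_scaled_size`, `checked_scaled_size`, `body_within_limit`) and the sample lengths are assumptions chosen so that the overflow point (INT32_MAX / 6, about 341 MiB) lines up with the "larger than 350MB" threshold in the advisory; the default 1M limit shown is the one the advisory quotes.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration, not Apache httpd source. It models the bug class in
 * CVE-2022-22721: on a 32-bit build a body length that LimitXMLRequestBody has
 * allowed past the default 1M is scaled before being used as a buffer size, and
 * the scaled value overflows a signed 32-bit int. The factor 6 is an assumption
 * picked so the overflow point (INT32_MAX / 6, about 341 MiB) matches the
 * "larger than 350MB" threshold the advisory gives. */
#define EXPANSION_FACTOR 6
#define MIB (1024 * 1024)
#define DEFAULT_BODY_LIMIT (1 * MIB)   /* LimitXMLRequestBody default is 1M */

/* Vulnerable computation: the product is truncated to 32 bits, the way a
 * 32-bit int would hold it. A negative or small result is later handed to an
 * allocator, and the copy that follows writes past the end of the buffer. */
int32_t naive_scaled_size(int32_t body_len)
{
    int64_t wide = (int64_t)body_len * EXPANSION_FACTOR;
    return (int32_t)wide; /* wraps: 350 MiB * 6 comes back negative */
}

/* Hardened computation: refuse before multiplying when the product cannot
 * fit. Returns 0 and stores the size on success, -1 on overflow or bad input. */
int checked_scaled_size(int32_t body_len, uint32_t *out)
{
    if (body_len < 0 || body_len > INT32_MAX / EXPANSION_FACTOR)
        return -1;
    *out = (uint32_t)body_len * EXPANSION_FACTOR;
    return 0;
}

/* The configured limit is the first line of defence: with the default 1M the
 * overflowing lengths are never reached. Returns 1 if the body may be read. */
int body_within_limit(int64_t body_len, int64_t limit)
{
    return body_len >= 0 && body_len <= limit;
}

int main(void)
{
    /* Constructed sample lengths: within the default limit, just below the
     * overflow point, and just above it. */
    int32_t sizes[] = { 1 * MIB, 340 * MIB, 350 * MIB };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        uint32_t safe = 0;
        int rc = checked_scaled_size(sizes[i], &safe);
        printf("body %10d bytes: naive=%11d checked=%s%u limit_ok=%d\n",
               sizes[i], naive_scaled_size(sizes[i]),
               rc == 0 ? "" : "REJECTED ", safe,
               body_within_limit(sizes[i], DEFAULT_BODY_LIMIT));
    }
    return 0;
}
```

The practical takeaway for macOS hosts running the bundled httpd is the same as the advisory's: keep LimitXMLRequestBody at its default unless there is a reason to raise it, and treat any raised value on a 32-bit build as exposure until httpd is at a fixed version.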
CVE-2022-22720 | CRITICAL | CVSS 9.8 | CWE-444 | Affected: fixed in 10.15.7; ≥ 11.0, < 11.6.6; +1 more | Published 2022-03-14
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.
Source: nvd
CVE-2022-22719 | HIGH | CVSS 7.5 | CWE-665 | Affected: fixed in 10.15.7; ≥ 11.0, < 11.6.6; +1 more | Published 2022-03-14
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
Source: nvd
CVE-2022-0943 | HIGH | CVSS 7.8 | CWE-122 | Affected: fixed in 13.0 | Published 2022-03-14
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
Source: nvd
CVE-2022-26981 | HIGH | CVSS 7.8 | CWE-120 | Affected: ≥ 12.0, < 12.5 | Published 2022-03-13
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
Source: nvd
CVE-2022-23308 | HIGH | CVSS 7.5 | CWE-416 | Affected: ≥ 11.6.0, < 11.6.6; ≥ 12.0, < 12.4 | Published 2022-02-26
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
Source: nvd
CVE-2022-0729 | HIGH | CVSS 8.8 | CWE-823 | Affected: fixed in 13.0 | Published 2022-02-23
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
Source: nvd
CVE-2022-0714 | MEDIUM | CVSS 5.5 | CWE-122 | Affected: fixed in 13.0 | Published 2022-02-22
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Source: nvd
CVE-2022-0696 | MEDIUM | CVSS 5.5 | CWE-476 | Affected: fixed in 13.0 | Published 2022-02-21
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
Source: nvd
CVE-2022-0685 | HIGH | CVSS 7.8 | CWE-823 | Affected: fixed in 13.0 | Published 2022-02-20
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
Source: nvd
CVE-2022-0629 | HIGH | CVSS 7.8 | CWE-121 | Affected: fixed in 13.0 | Published 2022-02-17
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Source: nvd
CVE-2022-0572 | HIGH | CVSS 7.8 | CWE-122 | Affected: fixed in 13.0 | Published 2022-02-14
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Source: nvd
CVE-2021-45444 | HIGH | CVSS 7.8 | Affected: ≥ 11.0, < 11.6.6; ≥ 12.0.0, < 12.4 | Published 2022-02-14
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
Source: nvd
CVE-2022-0554 | HIGH | CVSS 7.8 | CWE-823 | Affected: fixed in 13.0 | Published 2022-02-10
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
Source: nvd
CVE-2022-0530 | MEDIUM | CVSS 5.5 | Affected: ≥ 11.0, < 11.6.6; ≥ 12.0.0, < 12.4 | Published 2022-02-09
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string and leads to a heap out-of-bounds write. This flaw allows an attacker to supply a specially crafted zip file, leading to a crash or code execution.
Source: nvd
CVE-2022-0392 | HIGH | CVSS 7.8 | CWE-122 | Affected: ≥ 12.0, < 12.6 | Published 2022-01-28
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
Source: nvd
CVE-2022-0368 | HIGH | CVSS 7.8 | CWE-125 | Affected: ≥ 12.0, < 12.6 | Published 2022-01-26
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Source: nvd