Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2020-11-04 |
| Product | Mac Os X | Last view | 2022-11-01 |
| Version | 10.15.7 | Type | Os |
| Update | supplemental_update | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:mac_os_x | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2022-11-01 | CVE-2022-32794 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. |
| 9.8 | 2022-05-26 | CVE-2022-26775 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
| 7.8 | 2022-05-26 | CVE-2022-26770 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26769 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.1 | 2022-05-26 | CVE-2022-26698 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 7.1 | 2022-05-26 | CVE-2022-26697 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 6.7 | 2022-05-26 | CVE-2022-26691 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
| 4.4 | 2022-05-26 | CVE-2022-26688 | An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. |
| 5.5 | 2022-05-26 | CVE-2022-22674 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. |
| 7.8 | 2022-05-26 | CVE-2022-22672 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2022-05-26 | CVE-2022-22663 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. |
| 6.5 | 2022-05-26 | CVE-2022-22662 | A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. |
| 5.5 | 2022-05-26 | CVE-2022-22616 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. |
| 7.8 | 2022-03-18 | CVE-2022-22665 | A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22597 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. |
| 7.8 | 2022-03-18 | CVE-2022-22593 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 6.1 | 2022-03-18 | CVE-2022-22589 | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. |
| 7.8 | 2022-03-18 | CVE-2022-22579 | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. |
| 5.5 | 2022-02-09 | CVE-2022-0530 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. |
| 7.8 | 2021-12-19 | CVE-2021-4136 | vim is vulnerable to Heap-based Buffer Overflow |
| 7.8 | 2021-10-28 | CVE-2021-30834 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. |
| 5.5 | 2021-10-28 | CVE-2021-30833 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. |
| 7.8 | 2021-10-28 | CVE-2021-30824 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2021-10-28 | CVE-2021-30821 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2021-10-19 | CVE-2021-30850 | An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 35% (66) | CWE-787 | Out-of-bounds Write |
| 27% (52) | CWE-125 | Out-of-bounds Read |
| 4% (9) | CWE-416 | Use After Free |
| 4% (9) | CWE-362 | Race Condition |
| 4% (9) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 4% (8) | CWE-20 | Improper Input Validation |
| 3% (7) | CWE-269 | Improper Privilege Management |
| 2% (4) | CWE-190 | Integer Overflow or Wraparound |
| 1% (3) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 1% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 1% (2) | CWE-281 | Improper Preservation of Permissions |
| 0% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 0% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (1) | CWE-697 | Insufficient Comparison |
| 0% (1) | CWE-674 | Uncontrolled Recursion |
| 0% (1) | CWE-667 | Insufficient Locking |
| 0% (1) | CWE-665 | Improper Initialization |
| 0% (1) | CWE-617 | Reachable Assertion |
| 0% (1) | CWE-502 | Deserialization of Untrusted Data |
| 0% (1) | CWE-494 | Download of Code Without Integrity Check |
| 0% (1) | CWE-415 | Double Free |
| 0% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (1) | CWE-295 | Certificate Issues |
| 0% (1) | CWE-287 | Improper Authentication |
| 0% (1) | CWE-276 | Incorrect Default Permissions |
