Summary
Detail | |||
---|---|---|---|
Vendor | Apple | First view | 2020-11-04 |
Product | Mac Os X | Last view | 2022-11-01 |
Version | 10.15.7 | Type | Os |
Update | supplemental_update | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:apple:mac_os_x |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2022-11-01 | CVE-2022-32794 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. |
9.8 | 2022-05-26 | CVE-2022-26775 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
7.8 | 2022-05-26 | CVE-2022-26770 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26769 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
7.1 | 2022-05-26 | CVE-2022-26698 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
7.1 | 2022-05-26 | CVE-2022-26697 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
6.7 | 2022-05-26 | CVE-2022-26691 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
4.4 | 2022-05-26 | CVE-2022-26688 | An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. |
5.5 | 2022-05-26 | CVE-2022-22674 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. |
7.8 | 2022-05-26 | CVE-2022-22672 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
5.5 | 2022-05-26 | CVE-2022-22663 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. |
6.5 | 2022-05-26 | CVE-2022-22662 | A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. |
5.5 | 2022-05-26 | CVE-2022-22616 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. |
7.8 | 2022-03-18 | CVE-2022-22665 | A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. |
7.8 | 2022-03-18 | CVE-2022-22597 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. |
7.8 | 2022-03-18 | CVE-2022-22593 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. |
6.1 | 2022-03-18 | CVE-2022-22589 | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. |
7.8 | 2022-03-18 | CVE-2022-22579 | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. |
5.5 | 2022-02-09 | CVE-2022-0530 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. |
7.8 | 2021-12-19 | CVE-2021-4136 | vim is vulnerable to Heap-based Buffer Overflow |
7.8 | 2021-10-28 | CVE-2021-30834 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. |
5.5 | 2021-10-28 | CVE-2021-30833 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. |
7.8 | 2021-10-28 | CVE-2021-30824 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2021-10-28 | CVE-2021-30821 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. |
5.5 | 2021-10-19 | CVE-2021-30850 | An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
35% (66) | CWE-787 | Out-of-bounds Write |
27% (52) | CWE-125 | Out-of-bounds Read |
4% (9) | CWE-416 | Use After Free |
4% (9) | CWE-362 | Race Condition |
4% (9) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
4% (8) | CWE-20 | Improper Input Validation |
3% (7) | CWE-269 | Improper Privilege Management |
2% (4) | CWE-190 | Integer Overflow or Wraparound |
1% (3) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
1% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (2) | CWE-281 | Improper Preservation of Permissions |
0% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
0% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
0% (1) | CWE-697 | Insufficient Comparison |
0% (1) | CWE-674 | Uncontrolled Recursion |
0% (1) | CWE-667 | Insufficient Locking |
0% (1) | CWE-665 | Improper Initialization |
0% (1) | CWE-617 | Reachable Assertion |
0% (1) | CWE-502 | Deserialization of Untrusted Data |
0% (1) | CWE-494 | Download of Code Without Integrity Check |
0% (1) | CWE-415 | Double Free |
0% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
0% (1) | CWE-295 | Certificate Issues |
0% (1) | CWE-287 | Improper Authentication |
0% (1) | CWE-276 | Incorrect Default Permissions |