) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-32910 |
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. Published: November 01, 2022; 4:15:19 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-32794 |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. Published: November 01, 2022; 4:15:17 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2022-32849 |
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. Published: September 23, 2022; 3:15:13 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-32837 |
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory. Published: August 24, 2022; 4:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2022-2294 |
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: July 27, 2022; 10:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-26704 |
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. Published: May 26, 2022; 3:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2022-22719 |
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Published: March 14, 2022; 7:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-23308 |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Published: February 26, 2022; 12:15:08 AM -0500 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
| CVE-2021-4193 |
vim is vulnerable to Out-of-bounds Read Published: December 31, 2021; 11:15:07 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-4192 |
vim is vulnerable to Use After Free Published: December 31, 2021; 10:15:08 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-4187 |
vim is vulnerable to Use After Free Published: December 29, 2021; 12:15:07 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-4173 |
vim is vulnerable to Use After Free Published: December 27, 2021; 8:15:07 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-4166 |
vim is vulnerable to Out-of-bounds Read Published: December 25, 2021; 2:15:07 PM -0500 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
| CVE-2021-44224 |
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). Published: December 20, 2021; 7:15:07 AM -0500 |
V3.1: 8.2 HIGH V2.0: 6.4 MEDIUM |
| CVE-2021-4136 |
vim is vulnerable to Heap-based Buffer Overflow Published: December 19, 2021; 12:15:07 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-30713 |
A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. Published: September 08, 2021; 11:15:15 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2021-30652 |
A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. Published: September 08, 2021; 11:15:12 AM -0400 |
V3.1: 7.0 HIGH V2.0: 7.6 HIGH |
| CVE-2021-1875 |
A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. Published: September 08, 2021; 11:15:12 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-1858 |
Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking. Published: September 08, 2021; 11:15:11 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-1857 |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information. Published: September 08, 2021; 11:15:11 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |