Macos Security Vulnerabilities and Issues — Macos CVE List

Lucene search

AppleMacos

55 matches found

CVE•added 2022/03/14 11:15 a.m.•7623 views

CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

9.8CVSS9.4AI score0.29926EPSS

CVE•added 2022/03/25 9:15 a.m.•3078 views

CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

7.5CVSS8.1AI score0.00075EPSS

CVE•added 2022/03/14 11:15 a.m.•2343 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.1CVSS9.4AI score0.26907EPSS

CVE•added 2022/03/14 11:15 a.m.•2009 views

CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

7.5CVSS8.7AI score0.27284EPSS

CVE•added 2022/03/18 6:15 p.m.•1154 views

CVE-2022-22620

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a re...

8.8CVSS8.8AI score0.03877EPSS

CVE•added 2022/03/18 6:15 p.m.•1104 views

CVE-2022-22587

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may ha...

10CVSS8.3AI score0.00483EPSS

CVE•added 2022/03/18 6:15 p.m.•278 views

CVE-2022-22639

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.

7.8CVSS7AI score0.04094EPSS

CVE•added 2022/03/18 6:15 p.m.•251 views

CVE-2022-22600

The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.

5.5CVSS5.6AI score0.00748EPSS

CVE•added 2022/03/14 9:15 p.m.•229 views

CVE-2022-0943

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

8.4CVSS7.8AI score0.00037EPSS

CVE•added 2022/03/18 6:15 p.m.•185 views

CVE-2022-22592

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

6.5CVSS6.3AI score0.00128EPSS

CVE•added 2022/03/18 6:15 p.m.•183 views

CVE-2022-22631

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.

7.8CVSS7.3AI score0.00147EPSS

CVE•added 2022/03/13 6:15 p.m.•176 views

CVE-2022-26981

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).

7.8CVSS7.8AI score0.00251EPSS

CVE•added 2022/03/18 6:15 p.m.•164 views

CVE-2022-22590

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.00313EPSS

CVE•added 2022/03/18 6:15 p.m.•161 views

CVE-2022-22660

This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.

5.5CVSS6.1AI score0.00267EPSS

CVE•added 2022/03/18 6:15 p.m.•158 views

CVE-2022-22594

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

6.5CVSS6.4AI score0.00106EPSS

CVE•added 2022/03/18 6:15 p.m.•149 views

CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

6.1CVSS6.2AI score0.00278EPSS

CVE•added 2022/03/18 6:15 p.m.•147 views

CVE-2022-22638

A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service a...

6.5CVSS6.1AI score0.00217EPSS

CVE•added 2022/03/18 6:15 p.m.•135 views

CVE-2022-22611

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.8AI score0.00593EPSS

CVE•added 2022/03/18 6:15 p.m.•135 views

CVE-2022-22633

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

9.3CVSS8.3AI score0.00349EPSS

CVE•added 2022/03/18 6:15 p.m.•124 views

CVE-2022-22665

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

9.3CVSS7.5AI score0.0035EPSS

CVE•added 2022/03/18 6:15 p.m.•123 views

CVE-2022-22617

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.

7.8CVSS7.6AI score0.00102EPSS

CVE•added 2022/03/18 6:15 p.m.•122 views

CVE-2022-22643

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so.

7.5CVSS7AI score0.0027EPSS

CVE•added 2022/03/18 6:15 p.m.•118 views

CVE-2022-22664

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS7.4AI score0.00413EPSS

CVE•added 2022/03/18 6:15 p.m.•116 views

CVE-2022-22627

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memor...

7.1CVSS6.2AI score0.00362EPSS

CVE•added 2022/03/18 6:15 p.m.•112 views

CVE-2022-22614

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.9AI score0.00217EPSS

CVE•added 2022/03/18 6:15 p.m.•108 views

CVE-2022-22613

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privilege...

9.3CVSS7.9AI score0.00152EPSS

CVE•added 2022/03/18 6:15 p.m.•108 views

CVE-2022-22657

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS7.5AI score0.00316EPSS

CVE•added 2022/03/18 6:15 p.m.•106 views

CVE-2022-22612

A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.

7.8CVSS7.1AI score0.00352EPSS

CVE•added 2022/03/18 6:15 p.m.•106 views

CVE-2022-22632

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges.

9.8CVSS7.5AI score0.00871EPSS

CVE•added 2022/03/18 6:15 p.m.•104 views

CVE-2022-22656

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.

3.3CVSS4.6AI score0.00148EPSS

CVE•added 2022/03/18 6:15 p.m.•103 views

CVE-2022-22599

Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock scree...

2.4CVSS3.8AI score0.00107EPSS

CVE•added 2022/03/18 6:15 p.m.•103 views

CVE-2022-22621

This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.

4.6CVSS4.4AI score0.00156EPSS

CVE•added 2022/03/18 6:15 p.m.•103 views

CVE-2022-22625

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memo...

7.1CVSS6.2AI score0.00368EPSS

CVE•added 2022/03/18 6:15 p.m.•103 views

CVE-2022-22647

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.

4.6CVSS4.9AI score0.00102EPSS

CVE•added 2022/03/18 6:15 p.m.•101 views

CVE-2022-22661

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.6AI score0.00246EPSS

CVE•added 2022/03/18 6:15 p.m.•101 views

CVE-2022-22669

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS8.1AI score0.00158EPSS

CVE•added 2022/03/18 6:15 p.m.•98 views

CVE-2022-22648

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.

5.5CVSS5.2AI score0.00159EPSS

CVE•added 2022/03/18 6:15 p.m.•96 views

CVE-2022-22640

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS8AI score0.00467EPSS

CVE•added 2022/03/18 6:15 p.m.•95 views

CVE-2022-22609

The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings.

7.5CVSS6.9AI score0.00361EPSS

CVE•added 2022/03/18 6:15 p.m.•94 views

CVE-2022-22626

7.1CVSS6.2AI score0.00362EPSS

CVE•added 2022/03/18 6:15 p.m.•90 views

CVE-2022-22651

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

7.8CVSS7.5AI score0.00593EPSS

CVE•added 2022/03/18 6:15 p.m.•89 views

CVE-2022-22650

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.

5.5CVSS5.6AI score0.00103EPSS

CVE•added 2022/03/18 6:15 p.m.•88 views

CVE-2022-22615

9.3CVSS7.9AI score0.00196EPSS

CVE•added 2022/03/18 6:15 p.m.•86 views

CVE-2022-22593

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privi...

9.3CVSS8.1AI score0.01307EPSS

CVE•added 2022/03/18 6:15 p.m.•86 views

CVE-2022-22641

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.

9.8CVSS8.1AI score0.00619EPSS

CVE•added 2022/03/18 6:15 p.m.•83 views

CVE-2022-22597

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.

7.8CVSS7.7AI score0.00281EPSS

CVE•added 2022/03/18 6:15 p.m.•83 views

CVE-2022-22644

A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts.

5.5CVSS5.7AI score0.003EPSS

CVE•added 2022/03/18 6:15 p.m.•75 views

CVE-2022-22579

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termin...

9.3CVSS7.8AI score0.003EPSS

CVE•added 2022/03/18 6:15 p.m.•72 views

CVE-2022-22583

A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.

5.5CVSS5.5AI score0.00065EPSS

CVE•added 2022/03/18 6:15 p.m.•72 views

CVE-2022-22586

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.

10CVSS8.5AI score0.00553EPSS

Total number of security vulnerabilities55