| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-26775 |
190 |
|
Exec Code Overflow |
2022-05-26 |
2022-06-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
|
2 |
CVE-2022-26770 |
125 |
|
Exec Code |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
|
3 |
CVE-2022-26769 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
|
4 |
CVE-2022-26766 |
295 |
|
Bypass |
2022-05-26 |
2022-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. |
|
5 |
CVE-2022-26763 |
119 |
|
Exec Code Overflow |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. |
|
6 |
CVE-2022-26761 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
|
7 |
CVE-2022-26757 |
416 |
|
Exec Code |
2022-05-26 |
2022-06-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
|
8 |
CVE-2022-26756 |
787 |
|
Exec Code |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
|
9 |
CVE-2022-26755 |
|
|
|
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. |
|
10 |
CVE-2022-26751 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
|
11 |
CVE-2022-26748 |
787 |
|
Exec Code |
2022-05-26 |
2022-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
12 |
CVE-2022-26746 |
|
|
Bypass |
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
|
13 |
CVE-2022-26728 |
|
|
|
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files. |
|
14 |
CVE-2022-26727 |
|
|
|
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. |
|
15 |
CVE-2022-26726 |
|
|
|
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen. |
|
16 |
CVE-2022-26722 |
665 |
|
+Priv |
2022-05-26 |
2022-06-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. |
|
17 |
CVE-2022-26721 |
665 |
|
+Priv |
2022-05-26 |
2022-06-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. |
|
18 |
CVE-2022-26720 |
787 |
|
Exec Code |
2022-05-26 |
2022-06-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
|
19 |
CVE-2022-26715 |
787 |
|
+Priv |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. |
|
20 |
CVE-2022-26714 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
|
21 |
CVE-2022-26698 |
125 |
|
|
2022-05-26 |
2022-06-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
|
22 |
CVE-2022-26697 |
125 |
|
|
2022-05-26 |
2022-06-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
|
23 |
CVE-2022-26691 |
269 |
|
+Priv |
2022-05-26 |
2022-06-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
|
24 |
CVE-2022-26688 |
59 |
|
|
2022-05-26 |
2022-06-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
|
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. |
|
25 |
CVE-2022-22674 |
125 |
|
|
2022-05-26 |
2022-06-08 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. |
|
26 |
CVE-2022-22672 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
|
27 |
CVE-2022-22663 |
863 |
|
Bypass |
2022-05-26 |
2022-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. |
|
28 |
CVE-2022-22662 |
668 |
|
|
2022-05-26 |
2022-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. |
|
29 |
CVE-2022-22627 |
787 |
|
|
2022-03-18 |
2022-03-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
|
30 |
CVE-2022-22616 |
863 |
|
Bypass |
2022-05-26 |
2022-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. |
|
31 |
CVE-2022-22597 |
787 |
|
Exec Code Mem. Corr. |
2022-03-18 |
2022-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. |
|
32 |
CVE-2022-22593 |
120 |
|
Exec Code Overflow |
2022-03-18 |
2022-03-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. |
|
33 |
CVE-2022-22579 |
668 |
|
Exec Code |
2022-03-18 |
2022-03-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. |
|
34 |
CVE-2021-31010 |
502 |
|
|
2021-08-24 |
2022-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. |
|
35 |
CVE-2021-30995 |
362 |
|
|
2021-08-24 |
2022-02-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges. |
|
36 |
CVE-2021-30990 |
|
|
Bypass |
2021-08-24 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks. |
|
37 |
CVE-2021-30982 |
362 |
|
|
2021-08-24 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A remote attacker may be able to cause unexpected application termination or heap corruption. |
|
38 |
CVE-2021-30981 |
120 |
|
Exec Code Overflow |
2021-08-24 |
2021-12-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges. |
|
39 |
CVE-2021-30980 |
416 |
|
Exec Code |
2021-08-24 |
2022-01-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges. |
|
40 |
CVE-2021-30979 |
120 |
|
Exec Code Overflow |
2021-08-24 |
2022-02-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. |
|
41 |
CVE-2021-30977 |
120 |
|
Exec Code Overflow |
2021-08-24 |
2022-05-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges. |
|
42 |
CVE-2021-30976 |
|
|
Bypass |
2021-08-24 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks. |
|
43 |
CVE-2021-30975 |
863 |
|
Bypass |
2021-08-24 |
2021-12-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. |
|
44 |
CVE-2021-30973 |
125 |
|
|
2021-08-24 |
2022-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted file may disclose user information. |
|
45 |
CVE-2021-30972 |
863 |
|
Bypass |
2021-08-24 |
2022-05-26 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences. |
|
46 |
CVE-2021-30971 |
787 |
|
Exec Code |
2021-08-24 |
2022-01-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. |
|
47 |
CVE-2021-30969 |
|
|
|
2021-08-24 |
2022-01-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk. |
|
48 |
CVE-2021-30968 |
59 |
|
Bypass |
2021-08-24 |
2022-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences. |
|
49 |
CVE-2021-30965 |
|
|
DoS |
2021-08-24 |
2022-01-03 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to cause a denial of service to Endpoint Security clients. |
|
50 |
CVE-2021-30963 |
120 |
|
Overflow |
2021-08-24 |
2022-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. |
