# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2023-27960 |
|
|
+Priv |
2023-05-08 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand |
2 |
CVE-2022-32910 |
|
|
Bypass |
2022-11-01 |
2022-11-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. |
3 |
CVE-2022-32849 |
|
|
|
2022-09-23 |
2023-01-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. |
4 |
CVE-2022-32837 |
|
|
|
2022-08-24 |
2022-10-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory. |
5 |
CVE-2022-32794 |
|
|
+Priv |
2022-11-01 |
2022-11-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. |
6 |
CVE-2022-26775 |
190 |
|
Exec Code Overflow |
2022-05-26 |
2022-06-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
7 |
CVE-2022-26770 |
125 |
|
Exec Code |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
8 |
CVE-2022-26769 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
9 |
CVE-2022-26766 |
295 |
|
Bypass |
2022-05-26 |
2022-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. |
10 |
CVE-2022-26763 |
119 |
|
Exec Code Overflow |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. |
11 |
CVE-2022-26761 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
12 |
CVE-2022-26757 |
416 |
|
Exec Code |
2022-05-26 |
2023-01-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
13 |
CVE-2022-26756 |
787 |
|
Exec Code |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
14 |
CVE-2022-26755 |
|
|
|
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. |
15 |
CVE-2022-26751 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
16 |
CVE-2022-26748 |
787 |
|
Exec Code |
2022-05-26 |
2022-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. |
17 |
CVE-2022-26746 |
|
|
Bypass |
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
18 |
CVE-2022-26728 |
|
|
|
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files. |
19 |
CVE-2022-26727 |
|
|
|
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. |
20 |
CVE-2022-26726 |
|
|
|
2022-05-26 |
2022-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen. |
21 |
CVE-2022-26722 |
665 |
|
+Priv |
2022-05-26 |
2022-06-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. |
22 |
CVE-2022-26721 |
665 |
|
+Priv |
2022-05-26 |
2022-06-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. |
23 |
CVE-2022-26720 |
787 |
|
Exec Code |
2022-05-26 |
2022-06-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
24 |
CVE-2022-26715 |
787 |
|
+Priv |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. |
25 |
CVE-2022-26714 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
26 |
CVE-2022-26704 |
59 |
|
+Priv |
2022-05-26 |
2022-11-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. |
27 |
CVE-2022-26698 |
125 |
|
|
2022-05-26 |
2022-06-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
28 |
CVE-2022-26697 |
125 |
|
|
2022-05-26 |
2022-06-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
29 |
CVE-2022-26691 |
269 |
|
+Priv |
2022-05-26 |
2022-10-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
30 |
CVE-2022-26688 |
59 |
|
|
2022-05-26 |
2022-06-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. |
31 |
CVE-2022-23308 |
416 |
|
|
2022-02-26 |
2022-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. |
32 |
CVE-2022-22721 |
190 |
|
Overflow |
2022-03-14 |
2022-11-02 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. |
33 |
CVE-2022-22674 |
125 |
|
|
2022-05-26 |
2022-06-08 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. |
34 |
CVE-2022-22672 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
35 |
CVE-2022-22665 |
269 |
|
+Priv |
2022-03-18 |
2022-10-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. |
36 |
CVE-2022-22663 |
863 |
|
Bypass |
2022-05-26 |
2022-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. |
37 |
CVE-2022-22662 |
668 |
|
|
2022-05-26 |
2022-09-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. |
38 |
CVE-2022-22661 |
843 |
|
Exec Code |
2022-03-18 |
2022-11-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. |
39 |
CVE-2022-22656 |
287 |
|
|
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. |
40 |
CVE-2022-22650 |
281 |
|
|
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data. |
41 |
CVE-2022-22648 |
|
|
|
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory. |
42 |
CVE-2022-22647 |
|
|
Bypass |
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window. |
43 |
CVE-2022-22638 |
476 |
|
DoS |
2022-03-18 |
2022-11-02 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. |
44 |
CVE-2022-22631 |
787 |
|
+Priv |
2022-03-18 |
2022-11-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. |
45 |
CVE-2022-22627 |
787 |
|
|
2022-03-18 |
2022-03-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
46 |
CVE-2022-22626 |
125 |
|
|
2022-03-18 |
2022-11-02 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
47 |
CVE-2022-22625 |
125 |
|
|
2022-03-18 |
2022-11-02 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
48 |
CVE-2022-22617 |
269 |
|
+Priv |
2022-03-18 |
2022-11-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. |
49 |
CVE-2022-22616 |
863 |
|
Bypass |
2022-05-26 |
2022-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. |
50 |
CVE-2022-22615 |
416 |
|
Exec Code |
2022-03-18 |
2022-11-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |