VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202207-1573 CVE-2022-20877 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1550 CVE-2022-2464 Rockwell Automation  of  ISaGRAF Workbench  Past traversal vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. (DoS) It may be in a state
VAR-202207-1643 CVE-2022-20885 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1541 CVE-2022-32498 Dell's  Linux  for  powerstore command line interface  Vulnerability regarding uncontrolled search path elements in CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. Dell's Linux for powerstore command line interface Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202207-1547 CVE-2022-20887 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1533 CVE-2022-20909 Cisco Nexus Dashboard  Input verification vulnerability in CVSS V2: -
CVSS V3: 6.7
Severity: MEDIUM
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. Cisco Nexus Dashboard There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Nexus Dashboard is a single console of Cisco (Cisco). It can simplify the operation and management of the data center network
VAR-202207-1616 CVE-2022-20884 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1561 CVE-2022-20891 plural  Cisco  Classic buffer overflow vulnerability in the product CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202207-1583 CVE-2022-20880 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco). The following products are affected: RV110W, RV130, RV130W, RV215W
VAR-202207-1597 CVE-2022-20879 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco). The following products are affected: RV110W, RV130, RV130W, RV215W
VAR-202207-1580 CVE-2022-28861 citilog  Vulnerability in plaintext transmission of important information in CVSS V2: -
CVSS V3: 5.9
Severity: MEDIUM
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. citilog Contains a vulnerability in the transmission of important information in clear text.Information may be obtained
VAR-202207-1563 CVE-2022-20889 plural  Cisco  Classic buffer overflow vulnerability in the product CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1582 CVE-2022-20881 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1572 CVE-2022-20890 plural  Cisco  Classic buffer overflow vulnerability in the product CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1538 CVE-2022-20886 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1607 CVE-2022-20882 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1617 CVE-2022-20878 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco). The following products are affected: RV110W, RV130, RV130W, RV215W
VAR-202207-1564 CVE-2022-20876 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco). The following products are affected: RV110W, RV130, RV130W, RV215W
VAR-202207-1644 CVE-2022-20883 plural  Cisco  In the product  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
VAR-202207-1448 CVE-2022-32785 on multiple Apple products.  NULL  Pointer dereference vulnerability CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service. iPadOS , iOS , Apple Mac OS X For multiple Apple products such as NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-2 macOS Monterey 12.5 macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345. APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36) AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom) iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn) libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0) Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu) subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance Additional recognition 802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance. AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. Calendar We would like to acknowledge Joshua Jones for their assistance. configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. DiskArbitration We would like to acknowledge Mike Cush for their assistance. macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE----- . CVE-2022-32832: Tommy Muir (@Muirey03) AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32821: John Aakerblom (@jaakerblom) Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6"