VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202207-1448 CVE-2022-32785 on multiple Apple products.  NULL  Pointer dereference vulnerability CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service. iPadOS , iOS , Apple Mac OS X For multiple Apple products such as NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-2 macOS Monterey 12.5 macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345. APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36) AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom) iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn) libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0) Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu) subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance Additional recognition 802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance. AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. Calendar We would like to acknowledge Joshua Jones for their assistance. configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. DiskArbitration We would like to acknowledge Mike Cush for their assistance. macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE----- . CVE-2022-32832: Tommy Muir (@Muirey03) AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32821: John Aakerblom (@jaakerblom) Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6"
VAR-202207-1449 CVE-2022-32810 Vulnerabilities in multiple Apple products CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. iPadOS , iOS , macOS Unspecified vulnerabilities exist in multiple Apple products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.6 and iPadOS 15.6. Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6 iOS 15.6 and iPadOS 15.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213346. APFS Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32788: Natalie Silvanovich of Google Project Zero AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro Apple Neural Engine Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) CVE-2022-32829: an anonymous researcher Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36) Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) CoreMedia Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) CoreText Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) File System Events Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom) Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32855: an anonymous researcher iCloud Photo Library Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones ICU Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A logic issue was addressed with improved checks. CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t) ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved state management. CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0) Liblouis Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn) libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 Multi-Touch Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) PluginKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro Safari Extensions Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: The issue was addressed with improved UI handling. CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University Software Update Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebRTC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Additional recognition 802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance. AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuMACgkQeC9qKD1p rhhc5hAA2emrXEYGmfH1M/gji0MOPflW+wrr0y8buntNyeJYFQbf1xgGkr9hmHlM DkROvVCXDzuMyH9QDOPNFGPqBTAe/5cL+auNq497f/vGVjEOZ09Y4vC/FVBBklgo kQND7CoWBhk99PgNxVdJyzkeKhBEs9JrNaIyGVqg8tChTWWghRzyyyQfHpSQfwj1 M9042Kj8w9hi4SrY9R8Oe+QrcCYw/lYo3yO6WIUfajzIs/urT175BFedXS+9l4cK 6srMpa/n67w3XZU9psQBVddlkVDymx1c5Lzuo84haM7TYNddOYDVluP+676Uq0vj 5E24vTuGLS+vdDlJri6WMJv2d7NZ8dtJAVhPioP3ThGGsAXdpT/PmNbkc5R0RbiV TKs/2CDK4+raGHlOz6leuEfUJtUD1rHLI5n21XBQY1HOvwB9CDqGc5l7FpRoMdaj DY/8yaIbWKVu1iycA2NAsxfyc9u1QTwwluGmzelpo9XdAWIZ17j6Dkalta9scCQb akHz3M1PSAYw4ljfGuYYiHElAKuZn/daeAUKZ0zMJOVdHtecliJbV3VlqMzaOKqm gXWNoBOwCow8Tj80F2dFNTvlQe91L8r7NeQAo7KCzEXbVSQqfemojtrREl5BvmWS 9s7+QxqDWAHSUr+WakmKTESMA3DTlZBhBbUXE+uNRrEwboUQKeI= =Nnrk -----END PGP SIGNATURE-----
VAR-202207-1467 CVE-2022-32829 Vulnerabilities in multiple Apple products CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. A buffer overflow vulnerability exists in Apple iOS. The vulnerability is caused by a boundary error in the operating system kernel when processing untrusted input. iOS 15.6 and iPadOS 15.6
VAR-202207-1464 CVE-2022-32840 Vulnerabilities in multiple Apple products CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. iPadOS , iOS , macOS Unspecified vulnerabilities exist in multiple Apple products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.6 and iPadOS 15.6
VAR-202207-1498 CVE-2022-32793 apple's  iPadOS  Out-of-Bounds Write Vulnerability in Other Vendors' Products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. apple's iPadOS Products from other vendors have out-of-bounds write vulnerabilities.Information may be obtained. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have a buffer error vulnerability, which is caused by a boundary error in the GPU driver. Native applications can trigger an out-of-bounds write error and execute arbitrary code with root privileges. The vulnerability could allow a local application to escalate privileges on the system. iOS 15.6 and iPadOS 15.6. Alternatively, on your watch, select "My Watch > General > About". Information about the security content is also available at https://support.apple.com/HT213345. APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36) AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32793: an anonymous researcher GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom) iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn) libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0) Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu) subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance Additional recognition 802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance. AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. Calendar We would like to acknowledge Joshua Jones for their assistance. configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. DiskArbitration We would like to acknowledge Mike Cush for their assistance. macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE----- . CVE-2022-32832: Tommy Muir (@Muirey03) AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32821: John Aakerblom (@jaakerblom) Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6"
VAR-202207-1447 CVE-2022-32781 Vulnerabilities in multiple Apple products CVSS V2: -
CVSS V3: 4.4
Severity: MEDIUM
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information. iPadOS , iOS , Apple Mac OS X Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained. Information about the security content is also available at https://support.apple.com/HT213344. APFS Available for: macOS Big Sur Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) Audio Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Calendar Available for: macOS Big Sur Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security Calendar Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones CoreText Available for: macOS Big Sur Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing File System Events Available for: macOS Big Sur Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant ICU Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Intel Graphics Driver Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Kernel Available for: macOS Big Sur Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32815: Xinru Chi of Pangu Lab CVE-2022-32813: Xinru Chi of Pangu Lab libxml2 Available for: macOS Big Sur Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 PackageKit Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Big Sur Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Big Sur Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz Software Update Available for: macOS Big Sur Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Big Sur Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A validation issue in the handling of symlinks was addressed with improved validation of symlinks. CVE-2022-26704: Joshua Mason of Mandiant TCC Available for: macOS Big Sur Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0156 CVE-2022-0158 Wi-Fi Available for: macOS Big Sur Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Windows Server Available for: macOS Big Sur Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance macOS Big Sur 11.6.8 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYf6sACgkQeC9qKD1p rhgOJBAAtzyKOqdTnnBbwbFoG/HoZIbCVSVOtI5VIGH1weMQ72R3X2tXB5yTlpto 3l/eoMe0/covxipiZ+CvTh9tM5ZfV3IxN4bpsbxew1R/s81YE2K55dFp5+4zzqgh YyWrx8SntngP9PywAdKa+GRZrW7R95oNp2UTwifcQvFPs40F/OPrNQm23Xkmqsx0 zNNvMmqPaeCU8mgIOadO/uv626LjnkyKdwHKM3VBxGmklNEddQDjjoWcYugH7QYj e28EpKINEYfGVP/5n4uSeP6+kXmJj9nLzdKzfBD78gyBu5NX3Ai5Wh1BbsFMoFYE wcqlgEjMk3440babLb9kSRm81NX+EPgJLtjVPNRIrqs8pTh95CcDTRsotDUDl03R BrP6XGyXiS+3XyhdbamJDG9pCthJdo455XaYOlmzgIfgTJMkX3kdxiMAgGvbkPVl 3IesUuChRvi6pZwTWXN4k5Rn9epZSV+9HaYplnFPScJpYeLzUKThz1P2KbMTd0CT fiBU+fxwQqfzGRX3gyzRz0DMqiGdk0PnO9pfWND+9lQDyht7s73XnZrVOnPZHGYC tiNdrEHm+4WKaEwl/5invCZ8vPaiJ9cTH/aSbeRkeqR8ilDQMIhm2xooSP8Sd00E gTOoTOANfxrOqkFWhj0HQEq5OmCeALkE8BqiLuOVVIrN4e2LgPg= =6wU+ -----END PGP SIGNATURE-----
VAR-202207-1385 CVE-2022-2030 plural  ZyXEL  Past traversal vulnerabilities in products CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device. usg flex 100w firmware, USG FLEX 200 firmware, USG FLEX 500 firmware etc. ZyXEL The product contains a path traversal vulnerability.Information may be obtained
VAR-202207-2120 No CVE Zeon Electronics (Shenzhen) Co., Ltd. EX300_V2 Exists Binary Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
EX300_V2 is a repeater from Zeon Electronics (Shenzhen) Co., Ltd. The EX300_V2 of Zeon Electronics (Shenzhen) Co., Ltd. has a binary vulnerability, which can be exploited by an attacker to gain control of the server.
VAR-202207-1298 CVE-2022-30526 plural  ZyXEL  Product permission management vulnerabilities CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. ZyXEL The product contains a vulnerability in permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202207-1422 CVE-2022-34029 Nginx NJS  Out-of-bounds read vulnerability in CVSS V2: -
CVSS V3: 9.1
Severity: CRITICAL
Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Nginx NJS Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality. There is a security vulnerability in Nginx NJS 0.7.4, which is caused by the out-of-bounds reading problem of njs_scope_value in the njs_scope.h file
VAR-202207-1405 CVE-2022-23745 of Check Point Software Technologies  Android  for  capsule workspace  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information. of Check Point Software Technologies Android for capsule workspace Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202207-1404 CVE-2022-34028 Nginx NJS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Nginx NJS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality
VAR-202207-1356 CVE-2022-34030 Nginx NJS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. Nginx NJS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality
VAR-202207-1338 CVE-2022-34031 Nginx NJS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. Nginx NJS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality. There is a security vulnerability in Nginx NJS v0.7.5, which is caused by the fact that njs_value_to_number in src/njs_value_conversion.h contains illegal segments
VAR-202207-1358 CVE-2021-33656 Ubuntu Security Notice USN-5591-1 CVSS V2: -
CVSS V3: 6.8
Severity: MEDIUM
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. ========================================================================== Ubuntu Security Notice USN-5650-1 September 30, 2022 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Christian Brauner discovered that the XFS file system implementation in the Linux kernel did not properly handle setgid file creation. A local attacker could use this to gain elevated privileges. (CVE-2021-4037) It was discovered that the ext4 file system implementation in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0850) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the Packet network protocol implementation in the Linux kernel contained an out-of-bounds access. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2022-20368) It was discovered that the Open vSwitch implementation in the Linux kernel contained an out of bounds write vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2639) Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the Linux kernel contained multiple out-of-bounds vulnerabilities. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2964) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the Journaled File System (JFS) in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3202) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: linux-image-4.4.0-1114-kvm 4.4.0-1114.124 linux-image-4.4.0-1151-aws 4.4.0-1151.166 linux-image-4.4.0-234-generic 4.4.0-234.268 linux-image-4.4.0-234-lowlatency 4.4.0-234.268 linux-image-aws 4.4.0.1151.155 linux-image-generic 4.4.0.234.240 linux-image-kvm 4.4.0.1114.111 linux-image-lowlatency 4.4.0.234.240 linux-image-virtual 4.4.0.234.240 Ubuntu 14.04 ESM: linux-image-4.4.0-1113-aws 4.4.0-1113.119 linux-image-4.4.0-234-generic 4.4.0-234.268~14.04.1 linux-image-4.4.0-234-lowlatency 4.4.0-234.268~14.04.1 linux-image-aws 4.4.0.1113.110 linux-image-generic-lts-xenial 4.4.0.234.203 linux-image-lowlatency-lts-xenial 4.4.0.234.203 linux-image-virtual-lts-xenial 4.4.0.234.203 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5650-1 CVE-2021-33655, CVE-2021-33656, CVE-2021-4037, CVE-2022-0850, CVE-2022-1199, CVE-2022-1204, CVE-2022-1729, CVE-2022-20368, CVE-2022-2639, CVE-2022-2964, CVE-2022-2978, CVE-2022-3028, CVE-2022-3202, CVE-2022-36946 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2023:2951-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2951 Issue date: 2023-05-16 CVE Names: CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-1679 CVE-2022-1789 CVE-2022-2196 CVE-2022-2663 CVE-2022-3028 CVE-2022-3239 CVE-2022-3522 CVE-2022-3524 CVE-2022-3564 CVE-2022-3566 CVE-2022-3567 CVE-2022-3619 CVE-2022-3623 CVE-2022-3625 CVE-2022-3628 CVE-2022-3707 CVE-2022-4129 CVE-2022-20141 CVE-2022-25265 CVE-2022-30594 CVE-2022-39188 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 CVE-2022-42703 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43750 CVE-2022-47929 CVE-2023-0394 CVE-2023-0461 CVE-2023-1195 CVE-2023-1582 CVE-2023-23454 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64 3. The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2122230, BZ#2122267) Security Fix(es): * use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461) * hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341) * malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655) * when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds (CVE-2021-33656) * possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462) * use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679) * KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789) * KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196) * netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663) * race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028) * media: em28xx: initialize refcount before kref_get (CVE-2022-3239) * race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522) * memory leak in ipv6_renew_options() (CVE-2022-3524) * data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566) * data races around sk->sk_prot (CVE-2022-3567) * memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619) * denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623) * use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625) * USB-accessible buffer overflow in brcmfmac (CVE-2022-3628) * Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707) * l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129) * igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141) * Executable Space Protection Bypass (CVE-2022-25265) * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) * unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188) * TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189) * Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218) * u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674) * use-after-free related to leaf anon_vma double reuse (CVE-2022-42703) * use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720) * BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721) * Denial of service in beacon protection for P2P-device (CVE-2022-42722) * memory corruption in usbmon driver (CVE-2022-43750) * NULL pointer dereference in traffic control subsystem (CVE-2022-47929) * NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394) * use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195) * Soft lockup occurred during __page_mapcount (CVE-2023-1582) * slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2055499 - CVE-2022-25265 kernel: Executable Space Protection Bypass 2061703 - CVE-2021-26341 hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch 2078466 - CVE-2022-1462 kernel: possible race condition in drivers/tty/tty_buffers.c 2079311 - VMs hang after migration 2084125 - CVE-2022-1679 kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges 2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option 2090723 - CVE-2022-1789 kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva 2108691 - CVE-2021-33655 kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory 2108696 - CVE-2021-33656 kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds 2114937 - CVE-2022-20141 kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets 2116444 - kernel: Backport vfork support for time namespaces 2122228 - CVE-2022-3028 kernel: race condition in xfrm_probe_algs can lead to OOB read/write 2122960 - CVE-2022-41218 kernel: Report vmalloc UAF in dvb-core/dmxdev 2123056 - CVE-2022-2663 kernel: netfilter: nf_conntrack_irc message handling issue 2123854 - Backport kernel audit enhancements and fixes up to upstream v6.1 2124788 - CVE-2022-39189 kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning 2127985 - CVE-2022-3239 kernel: media: em28xx: initialize refcount before kref_get 2130141 - CVE-2022-39188 kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry 2131339 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action [rhel-8.8.0] 2131391 - fuse readdir cache sometimes corrupted 2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse 2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() 2134451 - CVE-2022-42720 kernel: use-after-free in bss_ref_get in net/wireless/scan.c 2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c 2134517 - CVE-2022-42722 kernel: Denial of service in beacon protection for P2P-device 2134528 - CVE-2022-4129 kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference 2137979 - CVE-2022-3707 kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed 2139728 - [Azure][RHEL8] Live resize of disk does not trigger a rescan of the device capacity 2140163 - error 524 from seccomp(2) when trying to load filter 2143893 - CVE-2022-3566 kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt 2143943 - CVE-2022-3567 kernel: data races around sk->sk_prot 2144720 - CVE-2022-3625 kernel: use-after-free after failed devlink reload in devlink_param_get 2150947 - CVE-2022-3524 kernel: memory leak in ipv6_renew_options() 2150960 - CVE-2022-3628 kernel: USB-accessible buffer overflow in brcmfmac 2150979 - CVE-2022-3522 kernel: race condition in hugetlb_no_page() in mm/hugetlb.c 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c 2151270 - CVE-2022-43750 kernel: memory corruption in usbmon driver 2152133 - In FIPS mode, the kernel should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 2154171 - CVE-2023-1195 kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c 2154235 - CVE-2022-3619 kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c 2154880 - [rhel8] LTP: read_all_sys - RIP: 0010:intel_rps_get_max_frequency+0x5/0x40 [i915] 2159969 - backport vsock fixes for RHEL-8.8 2160023 - CVE-2022-2196 kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks 2162120 - CVE-2023-0394 kernel: NULL pointer dereference in rawv6_push_pending_frames 2165721 - CVE-2022-3623 kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry 2166364 - NFS hang on large dirs with kenel 4.18.0-448.el8.x86_64 2168246 - CVE-2022-47929 kernel: NULL pointer dereference in traffic control subsystem 2168297 - CVE-2023-23454 kernel: slab-out-of-bounds read vulnerabilities in cbq_classify 2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets 2180936 - CVE-2023-1582 kernel: Soft lockup occurred during __page_mapcount 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kernel-4.18.0-477.10.1.el8_8.src.rpm aarch64: bpftool-4.18.0-477.10.1.el8_8.aarch64.rpm bpftool-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-core-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-cross-headers-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debug-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debug-core-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debug-devel-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debug-modules-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debug-modules-extra-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-devel-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-headers-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-modules-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-modules-extra-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-tools-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-tools-libs-4.18.0-477.10.1.el8_8.aarch64.rpm perf-4.18.0-477.10.1.el8_8.aarch64.rpm perf-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm python3-perf-4.18.0-477.10.1.el8_8.aarch64.rpm python3-perf-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-477.10.1.el8_8.noarch.rpm kernel-doc-4.18.0-477.10.1.el8_8.noarch.rpm ppc64le: bpftool-4.18.0-477.10.1.el8_8.ppc64le.rpm bpftool-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-core-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-cross-headers-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debug-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debug-core-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debug-devel-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debug-modules-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debug-modules-extra-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-devel-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-headers-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-modules-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-modules-extra-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-tools-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-tools-libs-4.18.0-477.10.1.el8_8.ppc64le.rpm perf-4.18.0-477.10.1.el8_8.ppc64le.rpm perf-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm python3-perf-4.18.0-477.10.1.el8_8.ppc64le.rpm python3-perf-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm s390x: bpftool-4.18.0-477.10.1.el8_8.s390x.rpm bpftool-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm kernel-4.18.0-477.10.1.el8_8.s390x.rpm kernel-core-4.18.0-477.10.1.el8_8.s390x.rpm kernel-cross-headers-4.18.0-477.10.1.el8_8.s390x.rpm kernel-debug-4.18.0-477.10.1.el8_8.s390x.rpm kernel-debug-core-4.18.0-477.10.1.el8_8.s390x.rpm kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm kernel-debug-devel-4.18.0-477.10.1.el8_8.s390x.rpm kernel-debug-modules-4.18.0-477.10.1.el8_8.s390x.rpm kernel-debug-modules-extra-4.18.0-477.10.1.el8_8.s390x.rpm kernel-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-477.10.1.el8_8.s390x.rpm kernel-devel-4.18.0-477.10.1.el8_8.s390x.rpm kernel-headers-4.18.0-477.10.1.el8_8.s390x.rpm kernel-modules-4.18.0-477.10.1.el8_8.s390x.rpm kernel-modules-extra-4.18.0-477.10.1.el8_8.s390x.rpm kernel-tools-4.18.0-477.10.1.el8_8.s390x.rpm kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm kernel-zfcpdump-4.18.0-477.10.1.el8_8.s390x.rpm kernel-zfcpdump-core-4.18.0-477.10.1.el8_8.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm kernel-zfcpdump-devel-4.18.0-477.10.1.el8_8.s390x.rpm kernel-zfcpdump-modules-4.18.0-477.10.1.el8_8.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-477.10.1.el8_8.s390x.rpm perf-4.18.0-477.10.1.el8_8.s390x.rpm perf-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm python3-perf-4.18.0-477.10.1.el8_8.s390x.rpm python3-perf-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm x86_64: bpftool-4.18.0-477.10.1.el8_8.x86_64.rpm bpftool-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-core-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-cross-headers-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debug-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debug-core-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debug-devel-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debug-modules-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debug-modules-extra-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-devel-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-headers-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-modules-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-modules-extra-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-tools-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-tools-libs-4.18.0-477.10.1.el8_8.x86_64.rpm perf-4.18.0-477.10.1.el8_8.x86_64.rpm perf-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm python3-perf-4.18.0-477.10.1.el8_8.x86_64.rpm python3-perf-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm Red Hat Enterprise Linux CRB (v. 8): aarch64: bpftool-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm kernel-tools-libs-devel-4.18.0-477.10.1.el8_8.aarch64.rpm perf-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm python3-perf-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm kernel-tools-libs-devel-4.18.0-477.10.1.el8_8.ppc64le.rpm perf-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm python3-perf-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm kernel-tools-libs-devel-4.18.0-477.10.1.el8_8.x86_64.rpm perf-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm python3-perf-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZGNu39zjgjWX9erEAQjR8A//doUSB647itItEwNVjnWUYBQhY5vM+LNx 0bBO7uUOtEno6Fo0yus1y7uVRoR6AjNghnL+4TumuMh9c5OGYrpCE3ij3ImN/RSX zbImH13s1HaeyPxXroEUhwTcAwODXicrqMu0MYOe3rqC66q+Bf7nfdxBn5KubgzX 0niXjah23bXzlQ61vsDYm/0ctUommRZyMaDFD2Pm6OycaKOJOCudiFx3sj+p0Bxw x2lDXyZpKoSpkHj9xGTzU99AvmQO/HmGjuDtx6tBH9IHRZSQWfPwqxsNUvpc7lp7 ZWbxrOl7IyJPMGqUXP6knpXsd+/rxEck2RlKyCCNQM75h6EYgYtt1NzXuQkhUj2S yRHr36YTfhXqfXTlrCHPzDca11PmYpNLwQ21PjePgmB2/eHypOxUKVT67sZY+RLp saJacLhc5xw+Wv/aV+NOrReZtT70M8HgGEA4U7NdStJh2uOBOzMGyRTIUCXtbHLT S/65Gp6+54Ez2xWD6Cgwb/R6iS4AQv0IzE4ggi5Im0BvOXgae54DBn8hqcCHOi+0 UdiB0+ILRt+m/24rxPUEuDY2N+/f/9HKyZ7FD92lBJZ8S9x1EeOEvXXmVtFwMuAE Oxt2DDjydHtoP/GrbaTNvGHOZdjCIXtKZp9aVCBtqGjIKqIzF8TwKX7+drdMS9hn 7ISc7Ji2irg=bvSS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.5.9 General Availability release images, which fix security issues and update container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Bugs fixed (https://bugzilla.redhat.com/): 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation 5
VAR-202207-1155 CVE-2022-23142 ZTE  of  zxen cg200  Firmware vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible. ZTE of zxen cg200 There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. ZTE ZXEN CG200 is a government-enterprise gateway device of China ZTE Corporation (ZTE). There is a denial of service vulnerability in ZXEN CG200 V1.0.0P1N5_M and previous versions, which is caused by improper processing of a large number of message requests
VAR-202207-1110 CVE-2022-35404 plural  Zoho Corporation  Product input verification vulnerabilities CVSS V2: -
CVSS V3: 8.2
Severity: HIGH
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. ManageEngine OpManager , manageengine network configuration manager , ManageEngine NetFlow Analyzer etc. multiple Zoho Corporation The product contains an input validation vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state
VAR-202207-1613 CVE-2022-34027 Nginx NJS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. Nginx NJS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality
VAR-202207-1303 CVE-2022-34032 Nginx NJS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Nginx NJS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality
VAR-202207-1223 CVE-2022-35871 Inductive Automation Ignition Access Control Error Vulnerability CVSS V2: 7.6
CVSS V3: 8.1
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206. Inductive Automation of Ignition There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Inductive Automation Ignition‌ is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection, and analysis