Product:

Mac_os_x

(Apple)
Repositories https://github.com/madler/zlib
https://github.com/apache/httpd
https://github.com/file/file
https://github.com/Perl/perl5
https://github.com/openssh/openssh-portable
#Vulnerabilities 3208
Date Id Summary Products Score Patch Annotated
2022-01-18 CVE-2022-0261 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Mac_os_x, Macos, Debian_linux, Vim 7.8
2022-02-09 CVE-2022-0530 A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Mac_os_x, Macos, Debian_linux, Fedora, Enterprise_linux, Unzip 5.5
2022-02-14 CVE-2021-45444 In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. Mac_os_x, Macos, Debian_linux, Fedora, Zsh 7.8
2022-02-26 CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, Bootstrap_os, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Smi\-S_provider, Snapdrive, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_unified_data_repository, Mysql_workbench, Zfs_storage_appliance_kit, Libxml2 7.5
2022-03-14 CVE-2022-22719 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Http_server, Mac_os_x, Macos, Debian_linux, Fedora, Http_server, Zfs_storage_appliance_kit 7.5
2022-03-14 CVE-2022-22720 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Http_server, Mac_os_x, Macos, Debian_linux, Fedora, Enterprise_manager_ops_center, Http_server, Zfs_storage_appliance_kit 9.8
2022-03-14 CVE-2022-22721 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Http_server, Mac_os_x, Macos, Debian_linux, Fedora, Enterprise_manager_ops_center, Http_server, Zfs_storage_appliance_kit 9.1
2022-03-18 CVE-2022-22579 An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. Ipados, Iphone_os, Mac_os_x, Macos, Tvos 7.8
2022-03-18 CVE-2022-22583 A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. Mac_os_x, Macos 5.5
2022-03-18 CVE-2022-22589 A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. Ipados, Iphone_os, Mac_os_x, Macos, Safari, Tvos, Watchos 6.1