Total
3247 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34229 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | N/A | 7.8 HIGH |
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-34222 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | N/A | 7.8 HIGH |
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-34260 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-10 | N/A | 7.8 HIGH |
Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-42825 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | N/A | 5.5 MEDIUM |
This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. | |||||
CVE-2022-42818 | 1 Apple | 1 Macos | 2023-12-10 | N/A | 5.9 MEDIUM |
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. | |||||
CVE-2022-26737 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-23189 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-1733 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | |||||
CVE-2022-30647 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-22779 | 3 Apple, Keybase, Microsoft | 3 Macos, Keybase, Windows | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem. | |||||
CVE-2022-1769 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | |||||
CVE-2022-28236 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-26731 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode. | |||||
CVE-2022-30655 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-24370 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14819. | |||||
CVE-2022-22586 | 1 Apple | 1 Macos | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-0797 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
CVE-2022-28275 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-26722 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. | |||||
CVE-2022-26743 | 1 Apple | 1 Macos | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges. |