# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-24668 |
|
|
DoS |
2022-02-09 |
2022-02-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. |
2 |
CVE-2022-24667 |
190 |
|
DoS Overflow |
2022-02-09 |
2022-02-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time |
3 |
CVE-2022-24666 |
|
|
DoS |
2022-02-09 |
2022-02-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame with HTTP/2 priority information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. |
4 |
CVE-2022-22670 |
|
|
|
2022-03-18 |
2022-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. |
5 |
CVE-2022-22660 |
20 |
|
|
2022-03-18 |
2022-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. |
6 |
CVE-2022-22659 |
|
|
+Info |
2022-03-18 |
2022-03-24 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. |
7 |
CVE-2022-22654 |
20 |
|
|
2022-03-18 |
2022-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. |
8 |
CVE-2022-22653 |
20 |
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. |
9 |
CVE-2022-22652 |
668 |
|
|
2022-03-18 |
2022-03-26 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. |
10 |
CVE-2022-22644 |
|
|
|
2022-03-18 |
2022-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts. |
11 |
CVE-2022-22643 |
|
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. |
12 |
CVE-2022-22638 |
476 |
|
DoS |
2022-03-18 |
2022-03-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. |
13 |
CVE-2022-22631 |
787 |
|
+Priv |
2022-03-18 |
2022-03-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. |
14 |
CVE-2022-22627 |
787 |
|
|
2022-03-18 |
2022-03-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
15 |
CVE-2022-22626 |
125 |
|
|
2022-03-18 |
2022-03-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
16 |
CVE-2022-22625 |
125 |
|
|
2022-03-18 |
2022-03-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
17 |
CVE-2022-22618 |
863 |
|
Bypass |
2022-03-18 |
2022-03-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. |
18 |
CVE-2022-22617 |
269 |
|
+Priv |
2022-03-18 |
2022-03-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. |
19 |
CVE-2022-22609 |
|
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. |
20 |
CVE-2022-22600 |
|
|
Bypass |
2022-03-18 |
2022-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences. |
21 |
CVE-2022-22594 |
346 |
|
|
2022-03-18 |
2022-03-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. |
22 |
CVE-2022-22592 |
|
|
|
2022-03-18 |
2022-03-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. |
23 |
CVE-2022-22589 |
20 |
|
|
2022-03-18 |
2022-05-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. |
24 |
CVE-2022-22588 |
400 |
|
DoS |
2022-03-18 |
2022-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. |
25 |
CVE-2022-22585 |
59 |
|
|
2022-03-18 |
2022-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. |
26 |
CVE-2022-0158 |
122 |
|
Overflow |
2022-01-10 |
2022-03-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
vim is vulnerable to Heap-based Buffer Overflow |
27 |
CVE-2022-0156 |
416 |
|
|
2022-01-10 |
2022-03-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
vim is vulnerable to Use After Free |
28 |
CVE-2021-36976 |
416 |
|
|
2021-07-20 |
2022-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). |
29 |
CVE-2021-30995 |
362 |
|
|
2021-08-24 |
2022-02-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges. |
30 |
CVE-2021-30990 |
|
|
Bypass |
2021-08-24 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks. |
31 |
CVE-2021-30988 |
668 |
|
|
2021-08-24 |
2021-12-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed. |
32 |
CVE-2021-30984 |
362 |
|
Exec Code |
2021-08-24 |
2022-02-19 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
33 |
CVE-2021-30982 |
362 |
|
|
2021-08-24 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A remote attacker may be able to cause unexpected application termination or heap corruption. |
34 |
CVE-2021-30976 |
|
|
Bypass |
2021-08-24 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks. |
35 |
CVE-2021-30973 |
125 |
|
|
2021-08-24 |
2022-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted file may disclose user information. |
36 |
CVE-2021-30970 |
|
|
Bypass |
2021-08-24 |
2021-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences. |
37 |
CVE-2021-30968 |
59 |
|
Bypass |
2021-08-24 |
2022-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences. |
38 |
CVE-2021-30966 |
668 |
|
|
2021-08-24 |
2021-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. |
39 |
CVE-2021-30964 |
732 |
|
Bypass |
2021-08-24 |
2021-12-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences. |
40 |
CVE-2021-30963 |
120 |
|
Overflow |
2021-08-24 |
2022-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. |
41 |
CVE-2021-30961 |
120 |
|
Overflow |
2021-08-24 |
2022-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. |
42 |
CVE-2021-30960 |
120 |
|
Overflow |
2021-08-24 |
2022-02-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. |
43 |
CVE-2021-30959 |
120 |
|
Overflow |
2021-08-24 |
2022-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. |
44 |
CVE-2021-30950 |
|
|
Bypass |
2021-08-24 |
2021-12-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks. |
45 |
CVE-2021-30947 |
668 |
|
|
2021-08-24 |
2021-12-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files. |
46 |
CVE-2021-30946 |
668 |
|
Bypass |
2021-08-24 |
2022-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass certain Privacy preferences. |
47 |
CVE-2021-30945 |
269 |
|
|
2021-08-24 |
2022-01-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local attacker may be able to elevate their privileges. |
48 |
CVE-2021-30941 |
120 |
|
Overflow |
2021-08-24 |
2022-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents. |
49 |
CVE-2021-30940 |
120 |
|
Overflow |
2021-08-24 |
2022-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents. |
50 |
CVE-2021-30930 |
|
|
|
2021-08-24 |
2021-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. An attacker may be able to track users through their IP address. |