var-202203-0128
Vulnerability from variot
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. macOS contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Information about the security content is also available at https://support.apple.com/HT213184.
Accelerate Framework Available for: macOS Big Sur Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AppleGraphicsControl Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Big Sur Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22615: an anonymous researcher CVE-2022-22614: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Login Window Available for: macOS Big Sur Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Big Sur Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
PackageKit Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
QuickTime Player Available for: macOS Big Sur Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Siri Available for: macOS Big Sur Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
xar Available for: macOS Big Sur Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
macOS Big Sur 11.6.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0MkACgkQeC9qKD1p rhjeyBAAwbocibmTCpZ1T8MzPHJGuJryh7RDG8+nMJxmntI+3gA0SeFAxuNuXf2Z xh+NhEwjm60gzLAdckjfT5iF1YAPxUDWnk0FRVxhqZ4g8FvdmTxgAn5rwWWUuBBC VpW5XONija+SY3yNX3blklg95FyO8ITlqwyy5/Fqr0OFTvnA8TKRXrZRmA/gypnA pEqR0WaQdL8ITFEbv9+INAV2geFBbEWPvifycbYSvrDWo9JPq05Ur0hz7o2kJYfk M5PZachAGeCOR3E2ixfIczW0QNbDsoyKqLBjRzFovqWhcOwQ+17yVeuj/mDFXOkA X8FSxnad7C76xH+LcnZE/WV+qcv5G3QufpK5kZULWoQTLdKuB7yQZYF19T4+8H4X 6qDl5ZYL81h9rfIHYwbGZp0aRmqsu6pmleQ970qrkFzn/ZHf0KdAwms0+BOR8jZ7 l1w71ADm7uLJCs+nZ/lxv3wLYEva+TfGfIGnFULcL4dVPqbDOC6hH3Xm8VelVF0p 1/0Bfbfg4ou3vP1LqTY/ODdRnAhVCCGiv9PFcAFJriOoQgYYcVYQYwa2dA5Xdijc 6KVOzadvxCt1Ewj8nNYRJrfe/H6pjj2cFbWbKevqtRlQeeca7j17srbOnt9mmJMV x/d73AkuCyfOdeX8fac83TWMhhBaCg5JwsO7cO7eXwIOsiSDZXU= =nZ2X -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0128", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "macos", scope: "gte", trust: 1, vendor: "apple", version: "12.0", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.15.7", }, { model: "macos", scope: "lt", trust: 1, vendor: "apple", version: "11.6.5", }, { model: "macos", scope: "gte", trust: 1, vendor: "apple", version: "11.6", }, { model: "mac os x", scope: "lt", trust: 1, vendor: "apple", version: "10.15.7", }, { model: "mac os x", scope: "gte", trust: 1, vendor: "apple", version: "10.15", }, { model: "macos", scope: "eq", trust: 1, vendor: "apple", version: "10.15.7", }, { model: "macos", scope: "lt", trust: 1, vendor: "apple", version: "12.3", }, { model: "macos", scope: null, trust: 0.8, vendor: "アップル", version: null, }, { model: "apple mac os x", scope: null, trust: 0.8, vendor: "アップル", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-008339", }, { db: "NVD", id: "CVE-2022-22661", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apple", sources: [ { db: "PACKETSTORM", id: "166315", }, { db: "PACKETSTORM", id: "166312", }, ], trust: 0.2, }, cve: "CVE-2022-22661", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "CVE-2022-22661", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "VHN-411289", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2022-22661", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-22661", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-22661", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-22661", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202203-1242", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-411289", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2022-22661", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-411289", }, { db: "VULMON", id: "CVE-2022-22661", }, { db: "JVNDB", id: "JVNDB-2022-008339", }, { db: "CNNVD", id: "CNNVD-202203-1242", }, { db: "NVD", id: "CVE-2022-22661", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. macOS contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213184. \n\nAccelerate Framework\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Big Sur\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22615: an anonymous researcher\nCVE-2022-22614: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to view the previous logged in\nuser’s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nQuickTime Player\nAvailable for: macOS Big Sur\nImpact: A plug-in may be able to inherit the application's\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing\n\nSiri\nAvailable for: macOS Big Sur\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nxar\nAvailable for: macOS Big Sur\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nmacOS Big Sur 11.6.5 may be obtained from the Mac App Store or\nApple's Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0MkACgkQeC9qKD1p\nrhjeyBAAwbocibmTCpZ1T8MzPHJGuJryh7RDG8+nMJxmntI+3gA0SeFAxuNuXf2Z\nxh+NhEwjm60gzLAdckjfT5iF1YAPxUDWnk0FRVxhqZ4g8FvdmTxgAn5rwWWUuBBC\nVpW5XONija+SY3yNX3blklg95FyO8ITlqwyy5/Fqr0OFTvnA8TKRXrZRmA/gypnA\npEqR0WaQdL8ITFEbv9+INAV2geFBbEWPvifycbYSvrDWo9JPq05Ur0hz7o2kJYfk\nM5PZachAGeCOR3E2ixfIczW0QNbDsoyKqLBjRzFovqWhcOwQ+17yVeuj/mDFXOkA\nX8FSxnad7C76xH+LcnZE/WV+qcv5G3QufpK5kZULWoQTLdKuB7yQZYF19T4+8H4X\n6qDl5ZYL81h9rfIHYwbGZp0aRmqsu6pmleQ970qrkFzn/ZHf0KdAwms0+BOR8jZ7\nl1w71ADm7uLJCs+nZ/lxv3wLYEva+TfGfIGnFULcL4dVPqbDOC6hH3Xm8VelVF0p\n1/0Bfbfg4ou3vP1LqTY/ODdRnAhVCCGiv9PFcAFJriOoQgYYcVYQYwa2dA5Xdijc\n6KVOzadvxCt1Ewj8nNYRJrfe/H6pjj2cFbWbKevqtRlQeeca7j17srbOnt9mmJMV\nx/d73AkuCyfOdeX8fac83TWMhhBaCg5JwsO7cO7eXwIOsiSDZXU=\n=nZ2X\n-----END PGP SIGNATURE-----\n\n\n", sources: [ { db: "NVD", id: "CVE-2022-22661", }, { db: "JVNDB", id: "JVNDB-2022-008339", }, { db: "VULHUB", id: "VHN-411289", }, { db: "VULMON", id: "CVE-2022-22661", }, { db: "PACKETSTORM", id: "166315", }, { db: "PACKETSTORM", id: "166312", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-22661", trust: 3.6, }, { db: "PACKETSTORM", id: "166315", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2022-008339", trust: 0.8, }, { db: "CS-HELP", id: "SB2022031435", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-1242", trust: 0.6, }, { db: "PACKETSTORM", id: "166312", trust: 0.2, }, { db: "VULHUB", id: "VHN-411289", trust: 0.1, }, { db: "VULMON", id: "CVE-2022-22661", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-411289", }, { db: "VULMON", id: "CVE-2022-22661", }, { db: "JVNDB", id: "JVNDB-2022-008339", }, { db: "PACKETSTORM", id: "166315", }, { db: "PACKETSTORM", id: "166312", }, { db: "CNNVD", id: "CNNVD-202203-1242", }, { db: "NVD", id: "CVE-2022-22661", }, ], }, id: "VAR-202203-0128", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-411289", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:59:17.080000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "HT213185", trust: 0.8, url: "https://support.apple.com/en-us/HT213183", }, { title: "Apple macOS Big Sur Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185744", }, { title: "Apple: macOS Big Sur 11.6.5", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4c90c4b83ae5b2687f4b5d9d71e49f12", }, { title: "Apple: macOS Monterey 12.3", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180", }, { title: "Kemon", trust: 0.1, url: "https://github.com/didi/kemon ", }, { title: "CVE-2022-XXXX", trust: 0.1, url: "https://github.com/AlphabugX/CVE-2022-23305 ", }, { title: "CVE-2022-XXXX", trust: 0.1, url: "https://github.com/AlphabugX/CVE-2022-RCE ", }, ], sources: [ { db: "VULMON", id: "CVE-2022-22661", }, { db: "JVNDB", id: "JVNDB-2022-008339", }, { db: "CNNVD", id: "CNNVD-202203-1242", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-843", trust: 1.1, }, { problemtype: "Mistake of type (CWE-843) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-411289", }, { db: "JVNDB", id: "JVNDB-2022-008339", }, { db: "NVD", id: "CVE-2022-22661", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://support.apple.com/en-us/ht213184", }, { trust: 1.8, url: "https://support.apple.com/en-us/ht213183", }, { trust: 1.8, url: "https://support.apple.com/en-us/ht213185", }, { trust: 1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22661", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/166315/apple-security-advisory-2022-03-14-5.html", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-22661/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022031435", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22625", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22616", }, { trust: 0.2, url: "https://support.apple.com/en-us/ht201222.", }, { trust: 0.2, url: "https://support.apple.com/downloads/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22613", }, { trust: 0.2, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22650", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22617", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22638", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22626", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22631", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22597", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22627", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22615", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22582", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22647", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22614", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22648", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22662", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22656", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/843.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://support.apple.com/kb/ht213184", }, { trust: 0.1, url: "https://github.com/didi/kemon", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22633", }, { trust: 0.1, url: "https://support.apple.com/ht213184.", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22599", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22632", }, { trust: 0.1, url: "https://support.apple.com/ht213185.", }, ], sources: [ { db: "VULHUB", id: "VHN-411289", }, { db: "VULMON", id: "CVE-2022-22661", }, { db: "JVNDB", id: "JVNDB-2022-008339", }, { db: "PACKETSTORM", id: "166315", }, { db: "PACKETSTORM", id: "166312", }, { db: "CNNVD", id: "CNNVD-202203-1242", }, { db: "NVD", id: "CVE-2022-22661", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-411289", }, { db: "VULMON", id: "CVE-2022-22661", }, { db: "JVNDB", id: "JVNDB-2022-008339", }, { db: "PACKETSTORM", id: "166315", }, { db: "PACKETSTORM", id: "166312", }, { db: "CNNVD", id: "CNNVD-202203-1242", }, { db: "NVD", id: "CVE-2022-22661", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-18T00:00:00", db: "VULHUB", id: "VHN-411289", }, { date: "2022-03-18T00:00:00", db: "VULMON", id: "CVE-2022-22661", }, { date: "2023-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2022-008339", }, { date: "2022-03-15T15:46:38", db: "PACKETSTORM", id: "166315", }, { date: "2022-03-15T15:45:47", db: "PACKETSTORM", id: "166312", }, { date: "2022-03-14T00:00:00", db: "CNNVD", id: "CNNVD-202203-1242", }, { date: "2022-03-18T18:15:15.037000", db: "NVD", id: "CVE-2022-22661", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-02T00:00:00", db: "VULHUB", id: "VHN-411289", }, { date: "2022-11-02T00:00:00", db: "VULMON", id: "CVE-2022-22661", }, { date: "2023-07-26T06:33:00", db: "JVNDB", id: "JVNDB-2022-008339", }, { date: "2022-03-25T00:00:00", db: "CNNVD", id: "CNNVD-202203-1242", }, { date: "2024-11-21T06:47:13.550000", db: "NVD", id: "CVE-2022-22661", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202203-1242", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "macOS Vulnerability regarding mix-ups in", sources: [ { db: "JVNDB", id: "JVNDB-2022-008339", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202203-1242", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.