Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-32859: About the security content of iOS 16

A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results.

CVE
#sql#web#ios#apple#google#dos#git#buffer_overflow#zero_day#webkit#wifi

Released September 12, 2022

Accelerate Framework

Available for: iPhone 8 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-42795: ryuzaki

Entry added October 27, 2022

AppleAVD

Available for: iPhone 8 and later

Impact: An app may be able to cause a denial-of-service

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, and an anonymous researcher

Entry added October 27, 2022

AppleAVD

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)

Entry added October 27, 2022

Apple Neural Engine

Available for: iPhone 8 and later

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2022-32858: Mohamed Ghannam (@_simo36)

Entry added October 27, 2022

Apple Neural Engine

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32898: Mohamed Ghannam (@_simo36)

CVE-2022-32899: Mohamed Ghannam (@_simo36)

CVE-2022-32889: Mohamed Ghannam (@_simo36)

Entry added October 27, 2022

Apple TV

Available for: iPhone 8 and later

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved handling of caches.

CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added October 27, 2022

Contacts

Available for: iPhone 8 and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed with improved checks.

CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Crash Reporter

Available for: iPhone 8 and later

Impact: A user with physical access to an iOS device may be able to read past diagnostic logs

Description: This issue was addressed with improved data protection.

CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike

Entry added October 27, 2022

DriverKit

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)

Entry added October 27, 2022

Exchange

Available for: iPhone 8 and later

Impact: A user in a privileged network position may be able to intercept mail credentials

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32928: an anonymous researcher

Entry added October 27, 2022

GPU Drivers

Available for: iPhone 8 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26744: an anonymous researcher

Entry added October 27, 2022

GPU Drivers

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32903: an anonymous researcher

Entry added October 27, 2022

ImageIO

Available for: iPhone 8 and later

Impact: Processing an image may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved validation.

CVE-2022-1622

Entry added October 27, 2022

Image Processing

Available for: iPhone 8 and later

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

Entry added October 27, 2022

IOGPUFamily

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32887: an anonymous researcher

Entry added October 27, 2022

Kernel

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32914: Zweig of Kunlun Lab

Entry added October 27, 2022

Kernel

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)

CVE-2022-32911: Zweig of Kunlun Lab

Entry updated October 27, 2022

Kernel

Available for: iPhone 8 and later

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel

Available for: iPhone 8 and later

Impact: An application may be able to execute arbitrary code with kernel privileges.

Description: The issue was addressed with improved bounds checks.

CVE-2022-32917: an anonymous researcher

Maps

Available for: iPhone 8 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary

Available for: iPhone 8 and later

Impact: A user may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-32908: an anonymous researcher

Notifications

Available for: iPhone 8 and later

Impact: A user with physical access to a device may be able to access contacts from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-32879: Ubeydullah Sümer

Entry added October 27, 2022

Photos

Available for: iPhone 8 and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed with improved data protection.

CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd

Entry added October 27, 2022

Safari

Available for: iPhone 8 and later

Impact: Visiting a malicious website may lead to address bar spoofing

Description: This issue was addressed with improved checks.

CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati

Safari Extensions

Available for: iPhone 8 and later

Impact: A website may be able to track users through Safari web extensions

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 242278
CVE-2022-32868: Michael

Sandbox

Available for: iPhone 8 and later

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added October 27, 2022

Security

Available for: iPhone 8 and later

Impact: An app may be able to bypass code signing checks

Description: An issue in code signature validation was addressed with improved checks.

CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)

Entry added October 27, 2022

Shortcuts

Available for: iPhone 8 and later

Impact: A person with physical access to an iOS device may be able to access photos from the lock screen

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32872: Elite Tech Guru

Sidecar

Available for: iPhone 8 and later

Impact: A user may be able to view restricted content from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-42790: Om kothawade of Zaprico Digital

Entry added October 27, 2022

Siri

Available for: iPhone 8 and later

Impact: A user with physical access to a device may be able to use Siri to obtain some call history information

Description: A logic issue was addressed with improved state management.

CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/)

Entry added October 27, 2022

SQLite

Available for: iPhone 8 and later

Impact: A remote user may be able to cause a denial-of-service

Description: This issue was addressed with improved checks.

CVE-2021-36690

Entry added October 27, 2022

Time Zone

Available for: iPhone 8 and later

Impact: Deleted contacts may still appear in spotlight search results

Description: A logic issue was addressed with improved state management.

CVE-2022-32859

Entry added October 27, 2022

Watch app

Available for: iPhone 8 and later

Impact: An app may be able to read a persistent device identifier

Description: This issue was addressed with improved entitlements.

CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Entry added October 27, 2022

Weather

Available for: iPhone 8 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved state management.

CVE-2022-32875: an anonymous researcher

Entry added October 27, 2022

WebKit

Available for: iPhone 8 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 242047
CVE-2022-32888: P1umer (@p1umer)

Entry added October 27, 2022

WebKit

Available for: iPhone 8 and later

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 243236
CVE-2022-32891: @real_as3617, and an anonymous researcher

Entry added October 27, 2022

WebKit

Available for: iPhone 8 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 241969
CVE-2022-32886: P1umer, afang5472, xmzyshypnc

WebKit

Available for: iPhone 8 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

WebKit Bugzilla: 242762
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

WebKit Sandboxing

Available for: iPhone 8 and later

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with improvements to the sandbox.

WebKit Bugzilla: 243181
CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity’s WeBin lab

Entry added October 27, 2022

Wi-Fi

Available for: iPhone 8 and later

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32925: Wang Yu of Cyberserval

Entry added October 27, 2022

Related news

Gentoo Linux Security Advisory 202305-32

Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-2834-01

Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:2834: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32886: A vulnerability was found in webkitgtkm, where a buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. * CVE-2022-32888: A vulnerability was found in webkitgtk, where an out-of-bounds read was addressed with improved bounds checking. Processing mali...

Red Hat Security Advisory 2023-2256-01

Red Hat Security Advisory 2023-2256-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:2256: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32886: A vulnerability was found in webkitgtkm, where a buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. * CVE-2022-32888: A vulnerability was found in webkitgtk, where an out-of-bounds read was addressed with improved bounds checking. Processing mali...

Debian Security Advisory 5333-1

Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to

Ubuntu Security Notice USN-5730-1

Ubuntu Security Notice 5730-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32903: About the security content of tvOS 16

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

Apple Security Advisory 2022-10-27-14

Apple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-10-27-14

Apple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-10-27-14

Apple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-10-27-14

Apple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-10-27-14

Apple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?

Supply chain attacks were all the rage in 2020 after SolarWinds, but we seem to have forgotten how important they are.

Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of

Apple's Constant Battles Against Zero-Day Exploits

Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.

Ubuntu Security Notice USN-5642-1

Ubuntu Security Notice 5642-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

CVE-2022-32917: About the security content of macOS Big Sur 11.7

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32912: About the security content of Safari 16

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32917: About the security content of macOS Big Sur 11.7

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32917: About the security content of macOS Big Sur 11.7

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-32912: About the security content of Safari 16

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32912: About the security content of Safari 16

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32917: About the security content of macOS Big Sur 11.7

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-32917: About the security content of macOS Big Sur 11.7

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32917: About the security content of macOS Big Sur 11.7

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2022-32912: About the security content of Safari 16

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32872: About the security content of iOS 15.7 and iPadOS 15.7

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

Threat Source newsletter (Sept. 15, 2022) — Why there is no one-stop-shop solution for protecting passwords

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Public schools in the United States already rely on our teachers for so much — they have to be educators, occasional parental figures, nurses, safety officers, law enforcement and much more. Slowly, they’re having to add “IT admin” to their list of roles.  Educational institutions have increasingly become a target for ransomware attacks, an issue already highlighted this year by a major cyber attack on the combined Los Angeles school district in California that schools are still recovering from.  Teachers there reported that during the week of the attack, they couldn’t enter attendance, lost lesson plans and presentations, and had to scrap homework plans. Technology has become ever-present in classrooms, so any minimal disruption in a school’s network or software can throw pretty much everything off.  The last thing teachers need to worry about now is defending against a well-funded threat act...

Apple Security Advisory 2022-09-12-5

Apple Security Advisory 2022-09-12-5 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-09-12-5

Apple Security Advisory 2022-09-12-5 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-09-12-5

Apple Security Advisory 2022-09-12-5 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-09-12-5

Apple Security Advisory 2022-09-12-5 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 2022-09-12-4

Apple Security Advisory 2022-09-12-4 - macOS Monterey 12.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2022-09-12-4

Apple Security Advisory 2022-09-12-4 - macOS Monterey 12.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2022-09-12-4

Apple Security Advisory 2022-09-12-4 - macOS Monterey 12.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2022-09-12-4

Apple Security Advisory 2022-09-12-4 - macOS Monterey 12.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2022-09-12-4

Apple Security Advisory 2022-09-12-4 - macOS Monterey 12.6 addresses bypass and code execution vulnerabilities.

Important update! iPhones, Macs, and more vulnerable to zero-day bug

Categories: Exploits and vulnerabilities Categories: News Apple has patched an actively-exploited flaw that affects a host of devices and software, including iPhones, Macs, iPads, and iPod touch. (Read more...) The post Important update! iPhones, Macs, and more vulnerable to zero-day bug appeared first on Malwarebytes Labs.

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. "Apple is aware of a report that this issue may

Urgent update for macOS and iOS! Two actively exploited zero-days fixed

Categories: Exploits and vulnerabilities Categories: News Tags: macOS Tags: iOS Tags: CVE-2022-32894 Tags: CVE-2022-32893 Tags: kernel privileges Tags: WebKit Tags: actively exploited Tags: watering hole Tags: exploit kit Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. (Read more...) The post Urgent update for macOS and iOS! Two actively exploited zero-days fixed appeared first on Malwarebytes Labs.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

CVE-2022-1622: tif_lzw.c: fix potential out-of-bounds error when trying to read in the same... (b4e79bfa) · Commits · libtiff / libtiff · GitLab

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2021-36690: SQLite Forum: Segmentation fault in idxGetTableInfo

** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907