12.6

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-01	CVE-2022-42832	Race Condition vulnerability in Apple Macos A race condition was addressed with improved locking. local high complexity apple CWE-362	6.4
2022-10-29	CVE-2022-42915	Double Free vulnerability in multiple products curl before 7.86.0 has a double free. network high complexity haxx fedoraproject netapp apple splunk CWE-415	8.1
2022-10-29	CVE-2022-42916	Cleartext Transmission of Sensitive Information vulnerability in multiple products In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. network low complexity haxx fedoraproject apple splunk CWE-319	7.5
2022-09-29	CVE-2022-1725	NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. local low complexity vim apple CWE-476	5.5
2022-09-23	CVE-2022-35252	When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. network high complexity haxx netapp apple debian splunk	3.7
2022-08-05	CVE-2022-37434	Out-of-bounds Write vulnerability in multiple products zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. network low complexity zlib fedoraproject debian netapp apple stormshield CWE-787 critical	9.8
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3
2022-07-07	CVE-2022-32207	Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended. network low complexity haxx fedoraproject debian netapp apple splunk CWE-276 critical	9.8
2022-07-07	CVE-2022-32208	Out-of-bounds Write vulnerability in multiple products When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. network high complexity haxx fedoraproject debian netapp apple splunk CWE-787	5.9
2022-06-02	CVE-2022-1968	Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 8.2. local low complexity vim debian apple CWE-416	7.8