Vulnerabilities > Apple > macOS > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-26 CVE-2022-22674 Out-of-bounds Read vulnerability in Apple Mac OS X and macOS
An out-of-bounds read issue existed that led to the disclosure of kernel memory.
local
low complexity
apple CWE-125
5.5
2022-05-26 CVE-2022-22676 Unspecified vulnerability in Apple macOS 12.0.0/12.0.1/12.1
An event handler validation issue in the XPC Services API was addressed by removing the service.
local
low complexity
apple
5.5
2022-05-26 CVE-2022-26688 Link Following vulnerability in Apple Mac OS X and macOS
An issue in the handling of symlinks was addressed with improved validation.
local
low complexity
apple CWE-59
4.4
2022-05-26 CVE-2022-26690 Race Condition vulnerability in Apple macOS
A race condition was addressed with additional validation.
local
high complexity
apple CWE-362
4.7
2022-05-26 CVE-2022-26691 Incorrect Comparison vulnerability in multiple products
A logic issue was addressed with improved state management.
6.7
2022-05-12 CVE-2022-1674 NULL Pointer Dereference vulnerability in multiple products
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938.
local
low complexity
vim fedoraproject apple CWE-476
5.5
2022-05-11 CVE-2022-1622 Out-of-bounds Read vulnerability in multiple products
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff fedoraproject netapp apple CWE-125
5.5
2022-04-21 CVE-2022-1420 Use of Out-of-range Pointer Offset vulnerability in multiple products
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
local
low complexity
vim fedoraproject apple CWE-823
5.5
2022-04-12 CVE-2022-29046 Cross-site Scripting vulnerability in multiple products
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins apple CWE-79
5.4
2022-04-12 CVE-2022-29048 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
network
low complexity
jenkins apple CWE-352
4.3