NVD disclosure day

Published threat advisories for December 15, 2022

CVE advisoryCRITICAL

CVE-2022-46393

Mbed TLS DTLS Heap Buffer Overflow and Over-read Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

Mbed TLS, a network security library, has a heap-based buffer overflow and over-read vulnerability in its DTLS implementation when specific configurations are enabled. This could lead to denial-of-service or potentially further compromise if reachable by an attacker. Readers should care because it affects the integrity

NVD published:

CVE advisoryKnown Exploit

CVE-2022-42856

Apple Web Content Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A type confusion vulnerability in Apple's WebKit allows arbitrary code execution via crafted web content. This impacts Safari and operating systems, potentially leading to system compromise. The risk to organizations includes unauthorized access and data impact, with reports of active exploitation.

NVD published: • CISA KEV