CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0CVE-2017-13905
https://notcve.org/view.php?id=CVE-2017-13905
A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges. Se abordó una condición de carrera con una comprobación adicional. Este problema es corregido en tvOS versión 11.2, iOS versión 11.2, macOS High Sierra versión 10.13.2, Security Update 2017-002 Sierra y Security Update 2017-005 El Capitan, watchOS versión 4.2. • https://support.apple.com/en-us/HT208325 https://support.apple.com/en-us/HT208327 https://support.apple.com/en-us/HT208331 https://support.apple.com/en-us/HT208334 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2375
https://notcve.org/view.php?id=CVE-2017-2375
An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud. Se presentó un problema para evitar la carga del historial de llamadas de CallKit a iCloud. • https://support.apple.com/en-us/HT207482 •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43849 – DoS vulnerability
https://notcve.org/view.php?id=CVE-2021-43849
cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. • https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/commit/27434a240f97f69fd930088654590c8ba43569df https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/releases/tag/v5.0.1 https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/security/advisories/GHSA-7vfx-hfvm-rhr8 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2021-30767
https://notcve.org/view.php?id=CVE-2021-30767
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. Se abordó un problema de lógica con la administración de estados mejorada. Este problema se ha corregido en macOS Big Sur versión 11.6.2, macOS Monterey versión 12.1, Security Update 2021-008 Catalina, iOS versión 15.2 y iPadOS versión 15.2, watchOS versión 8.3. • https://support.apple.com/en-us/HT212975 https://support.apple.com/en-us/HT212976 https://support.apple.com/en-us/HT212978 https://support.apple.com/en-us/HT212979 https://support.apple.com/en-us/HT212981 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-34425 – Server Side Request Forgery in Zoom Client for Meetings chat
https://notcve.org/view.php?id=CVE-2021-34425
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. Zoom Client for Meetings anterior a la versión 5.7.3 (para Android, iOS, Linux, macOS y Windows) contiene una vulnerabilidad de falsificación de solicitudes del lado del servidor en la funcionalidad de "vista previa de enlaces" del chat. En las versiones anteriores a la 5.7.3, si un usuario habilitaba la función de "vista previa de enlaces" del chat, un actor malicioso podía engañar al usuario para que enviara solicitudes HTTP GET arbitrarias a URLs a las que el actor no podía acceder directamente. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-918: Server-Side Request Forgery (SSRF) •