CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2021-30834
https://notcve.org/view.php?id=CVE-2021-30834
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. Se abordó un problema de lógica con una administración de estado mejorada. Este problema se corrigió en iOS versión 14.8 y iPadOS versión 14.8, tvOS versión 15, iOS versión 15 y iPadOS versión 15, watchOS versión 8, Security Update 2021-007 Catalina. • https://support.apple.com/en-us/HT212807 https://support.apple.com/en-us/HT212814 https://support.apple.com/en-us/HT212815 https://support.apple.com/en-us/HT212819 https://support.apple.com/en-us/HT212871 https://support.apple.com/kb/HT212804 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30823 – webkitgtk: Logic issue leading to HSTS bypass
https://notcve.org/view.php?id=CVE-2021-30823
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS. Se abordó un problema de lógica con restricciones mejoradas. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 14.8 y iPadOS versión 14.8, tvOS versión 15, Safari versión 15, watchOS versión 8. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://support.apple.com/en-us/HT212807 https://support.apple.com/en-us/HT212815 https://support.apple.com/en-us/HT212816 https://support.apple.com/en-us/HT212819 https://support.apple.com/en-us/HT212869 https://support.apple.com/kb/HT212953 https://access.redhat.com/security/cve/CVE-2021-30823 https://bugzilla.redhat.com/show_bug.cgi?id=2034373 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2020-36486
https://notcve.org/view.php?id=CVE-2020-36486
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling. Se ha detectado que Swift File Transfer Mobile versión v1.1.2 y por debajo, contienen una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro "path" del manejo de excepciones "list" y "download" • https://www.vulnerability-lab.com/get_content.php?id=2205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-30807 – Apple Multiple Products Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-30807
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de corrupción de memoria con un manejo de memoria mejorado. • https://support.apple.com/en-us/HT212622 https://support.apple.com/en-us/HT212623 https://support.apple.com/en-us/HT212713 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30820
https://notcve.org/view.php?id=CVE-2021-30820
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en iOS versión 14.8 y iPadOS versión 14.8. • https://support.apple.com/en-us/HT212807 •