CVE-2021-30894
https://notcve.org/view.php?id=CVE-2021-30894
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con una comprobación de entradas mejorada. Este problema se corrigió en iOS versión 15.1 y iPadOS versión 15.1, tvOS versión 15.1. • https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212876 • CWE-787: Out-of-bounds Write •
CVE-2021-30890 – webkitgtk: Logic issue leading to universal cross-site scripting
https://notcve.org/view.php?id=CVE-2021-30890
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 15.1 y iPadOS versión 15.1, watchOS versión 8.1, tvOS versión 15.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://www.debian.org/security/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-30889 – webkitgtk: Buffer overflow leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30889
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de desbordamiento del búfer con un manejo de memoria mejorada. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 15.1 y iPadOS versión 15.1, watchOS versión 8.1, tvOS versión 15.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://access.redhat.com/security/cve/CVE-2021-30889 https://bugzilla.redhat.com/show_bug.cgi?id=2034386 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-30888 – webkitgtk: Information leak via Content Security Policy reports
https://notcve.org/view.php?id=CVE-2021-30888
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior . Se abordó un problema de filtrado de información. Este problema se corrigió en iOS versión 15.1 y iPadOS versión 15.1, macOS Monterey versión 12.0.1, iOS versión 14.8.1 y iPadOS versión 14.8.1, tvOS versión 15.1, watchOS versión 8.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212868 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://access.redhat.com/security/cve/CVE-2021-30888 https://bugzilla.redhat.com/show_bug.cgi?id=2034383 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2021-30887 – webkitgtk: Logic issue leading to Content Security Policy bypass
https://notcve.org/view.php?id=CVE-2021-30887
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. Se abordó un problema lógico con restricciones mejoradas. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 15.1 y iPadOS versión 15.1, watchOS versión 8.1, tvOS versión 15.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://www.debian.org/security/20 •