CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30895
https://notcve.org/view.php?id=CVE-2021-30895
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts. Se abordó un problema lógico con restricciones mejoradas. Este problema se corrigió en iOS versión 15.0.2 y iPadOS versión 15.0.2, tvOS versión 15.1, watchOS versión 8.1, macOS Monterey versión 12.0.1. • https://support.apple.com/en-us/HT212846 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://support.apple.com/kb/HT212867 https://support.apple.com/kb/HT212979 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-30892
https://notcve.org/view.php?id=CVE-2021-30892
An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to modify protected parts of the file system. Se abordó un problema de permisos heredados con restricciones adicionales. Este problema se corrigió en macOS Monterey versión 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur versión 11.6.1. • https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212871 https://support.apple.com/en-us/HT212872 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2021-30890 – webkitgtk: Logic issue leading to universal cross-site scripting
https://notcve.org/view.php?id=CVE-2021-30890
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 15.1 y iPadOS versión 15.1, watchOS versión 8.1, tvOS versión 15.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://www.debian.org/security/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30889 – webkitgtk: Buffer overflow leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30889
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de desbordamiento del búfer con un manejo de memoria mejorada. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 15.1 y iPadOS versión 15.1, watchOS versión 8.1, tvOS versión 15.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://access.redhat.com/security/cve/CVE-2021-30889 https://bugzilla.redhat.com/show_bug.cgi?id=2034386 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-30888 – webkitgtk: Information leak via Content Security Policy reports
https://notcve.org/view.php?id=CVE-2021-30888
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior . Se abordó un problema de filtrado de información. Este problema se corrigió en iOS versión 15.1 y iPadOS versión 15.1, macOS Monterey versión 12.0.1, iOS versión 14.8.1 y iPadOS versión 14.8.1, tvOS versión 15.1, watchOS versión 8.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212868 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://access.redhat.com/security/cve/CVE-2021-30888 https://bugzilla.redhat.com/show_bug.cgi?id=2034383 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •