CVE-2021-30708 – Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30708
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS versión 14.6 y iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 • CWE-125: Out-of-bounds Read •
CVE-2021-30700
https://notcve.org/view.php?id=CVE-2021-30700
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information. Se abordó este problema con comprobaciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.4, tvOS versión 14.6, watchOS versión 7.5, iOS versión 14.6 y iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 •
CVE-2021-30689 – webkitgtk: Logic issue leading to universal cross site scripting attack
https://notcve.org/view.php?id=CVE-2021-30689
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema es corregido en tvOS versión 14.6, iOS versión 14.6 y iPadOS versión 14.6, Safari versión 14.1.1, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 https://support.apple.com/en-us/HT212534 https://access.redhat.com/security/cve/CVE-2021-30689 https://bugzilla.redhat.com/show_bug.cgi?id=1986881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-30667
https://notcve.org/view.php?id=CVE-2021-30667
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism. Se abordó un problema lógico con una comprobación mejorada. Este problema es corregido en iOS versión 14.6 y iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 • CWE-287: Improper Authentication •
CVE-2021-30677
https://notcve.org/view.php?id=CVE-2021-30677
This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox. Se abordó este problema con un saneamiento del entorno mejorado. Este problema es corregido en tvOS versión 14.6, iOS versión 14.6 y iPadOS versión 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 https://support.apple.com/en-us/HT212600 https://support.apple.com/en-us/HT212603 https://support.apple.com/kb/HT212602 •