CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2021-30792 – Apple macOS ModelIO ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-30792
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó una escritura fuera de límites con una comprobación de entrada mejorada. Este problema se corrigió en iOS versión 14.7, macOS Big Sur versión 11.5. • https://support.apple.com/en-us/HT212601 https://support.apple.com/en-us/HT212602 https://support.apple.com/kb/HT212600 https://support.apple.com/kb/HT212603 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30583
https://notcve.org/view.php?id=CVE-2021-30583
Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de políticas en image handling en iOS en Google Chrome en iOS anterior a versión 92.0.4515.107, permitía a un atacante remoto filtrar datos cross-origin por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html https://crbug.com/1179290 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30802
https://notcve.org/view.php?id=CVE-2021-30802
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema se corrigió en iOS versión 14.7 y tvOS versión 14.7. • https://support.apple.com/en-us/HT212601 https://support.apple.com/en-us/HT212604 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30797 – webkitgtk: Insufficient checks leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30797
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. Este problema se abordó con una comprobación mejorada. Este problema se corrigió en iOS versión 14.7, Safari versión 14.1.2, macOS Big Sur versión 11.5, watchOS versión 7.6, tvOS versión 14.7. • https://support.apple.com/en-us/HT212601 https://support.apple.com/en-us/HT212602 https://support.apple.com/en-us/HT212604 https://support.apple.com/en-us/HT212605 https://support.apple.com/en-us/HT212606 https://access.redhat.com/security/cve/CVE-2021-30797 https://bugzilla.redhat.com/show_bug.cgi?id=1986902 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30795 – webkitgtk: Use-after-free leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30795
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema se corrigió en iOS versión 14.7, Safari versión 14.1.2, macOS Big Sur versión 11.5, watchOS versión 7.6, tvOS versión 14.7. • https://support.apple.com/en-us/HT212601 https://support.apple.com/en-us/HT212602 https://support.apple.com/en-us/HT212604 https://support.apple.com/en-us/HT212605 https://support.apple.com/en-us/HT212606 https://access.redhat.com/security/cve/CVE-2021-30795 https://bugzilla.redhat.com/show_bug.cgi?id=1986900 • CWE-20: Improper Input Validation CWE-416: Use After Free •