CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2021-30691 – Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30691
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. Se abordó un problema de divulgación de información con una administración de estado mejorada. Este problema es corregido en macOS Big Sur versión 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS versión 14.6 y iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 •
CVSS: 5.9EPSS: 1%CPEs: 34EXPL: 0CVE-2021-1884
https://notcve.org/view.php?id=CVE-2021-1884
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service. Se abordó una condición de carrera con un bloqueo mejorado. Este problema es corregido en Security Update 2021-004 Mojave, iOS versión 14.5 y iPadOS versión 14.5, watchOS versión 7.4, Security Update 2021-003 Catalina, tvOS versión 14.5, macOS Big Sur versión 11.3. • https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36331 – libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c
https://notcve.org/view.php?id=CVE-2020-36331
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkAssignData. • http://seclists.org/fulldisclosure/2021/Jul/54 https://bugzilla.redhat.com/show_bug.cgi?id=1956856 https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html https://security.netapp.com/advisory/ntap-20211112-0001 https://support.apple.com/kb/HT212601 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36331 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36330 – libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c
https://notcve.org/view.php?id=CVE-2020-36330
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkVerifyAndAssign. • http://seclists.org/fulldisclosure/2021/Jul/54 https://bugzilla.redhat.com/show_bug.cgi?id=1956853 https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html https://security.netapp.com/advisory/ntap-20211104-0004 https://support.apple.com/kb/HT212601 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36330 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-36329 – libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c
https://notcve.org/view.php?id=CVE-2020-36329
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró un uso de la memoria previamente liberada debido a que un subproceso se eliminó demasiado pronto. • http://seclists.org/fulldisclosure/2021/Jul/54 https://bugzilla.redhat.com/show_bug.cgi?id=1956843 https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html https://security.netapp.com/advisory/ntap-20211112-0001 https://support.apple.com/kb/HT212601 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36329 • CWE-416: Use After Free •