CVE-2021-30903
https://notcve.org/view.php?id=CVE-2021-30903
This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution. Este problema se abordó con comprobaciones mejoradas. Este problema se corrigió en iOS versión 14.8.1 y iPadOS versión 14.8.1, iOS versión 15.1 y iPadOS versión 15.1, macOS Monterey versión 12.0.1. • https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212868 https://support.apple.com/en-us/HT212869 https://support.apple.com/kb/HT212871 https://support.apple.com/kb/HT212872 https://support.apple.com/kb/HT212874 https://support.apple.com/kb/HT212876 •
CVE-2021-30897 – webkitgtk: Cross-origin data exfiltration via resource timing API
https://notcve.org/view.php?id=CVE-2021-30897
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin. Existía un problema en la especificación de la API de sincronización de recursos. • https://support.apple.com/en-us/HT212869 https://support.apple.com/kb/HT212814 https://support.apple.com/kb/HT212815 https://access.redhat.com/security/cve/CVE-2021-30897 https://bugzilla.redhat.com/show_bug.cgi?id=2038907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-30890 – webkitgtk: Logic issue leading to universal cross-site scripting
https://notcve.org/view.php?id=CVE-2021-30890
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 15.1 y iPadOS versión 15.1, watchOS versión 8.1, tvOS versión 15.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://www.debian.org/security/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-30889 – webkitgtk: Buffer overflow leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30889
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de desbordamiento del búfer con un manejo de memoria mejorada. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 15.1 y iPadOS versión 15.1, watchOS versión 8.1, tvOS versión 15.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://access.redhat.com/security/cve/CVE-2021-30889 https://bugzilla.redhat.com/show_bug.cgi?id=2034386 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-30888 – webkitgtk: Information leak via Content Security Policy reports
https://notcve.org/view.php?id=CVE-2021-30888
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior . Se abordó un problema de filtrado de información. Este problema se corrigió en iOS versión 15.1 y iPadOS versión 15.1, macOS Monterey versión 12.0.1, iOS versión 14.8.1 y iPadOS versión 14.8.1, tvOS versión 15.1, watchOS versión 8.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212868 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://access.redhat.com/security/cve/CVE-2021-30888 https://bugzilla.redhat.com/show_bug.cgi?id=2034383 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •