CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1837
https://notcve.org/view.php?id=CVE-2021-1837
A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic. Se abordó un problema de comprobación de certificados. Este problema se corrigió en iOS versión 14.5 e iPadOS versión 14.5. • https://support.apple.com/en-us/HT212317 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 36EXPL: 0CVE-2021-1811
https://notcve.org/view.php?id=CVE-2021-1811
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en iTunes versión 12.11.3 para Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud para Windows versión 12.3, macOS Big Sur versión 11.3, watchOS versión 7.4, tvOS versión 14.5, iOS versión 14.5 e iPadOS versión 14.5. • https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212319 https://support.apple.com/en-us/HT212321 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://support.apple.com/en-us/HT212326 https://support.apple.com/en-us/HT212327 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1854
https://notcve.org/view.php?id=CVE-2021-1854
A call termination issue with was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops. . Se abordó un problema de terminación de llamadas con una lógica mejorada. Este problema se corrigió en iOS versión 14.5 e iPadOS versión 14.5. • https://support.apple.com/en-us/HT212317 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-1820 – webkitgtk: Memory initialization issue possibly leading to memory disclosure
https://notcve.org/view.php?id=CVE-2021-1820
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. Se abordó un problema de inicialización de la memoria con un manejo de la memoria mejorada. Este problema se corrigió en macOS Big Sur versión 11.3, iOS versión 14.5 e iPadOS versión 14.5, watchOS versión 7.4, tvOS versión 14.5. • https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://access.redhat.com/security/cve/CVE-2021-1820 https://bugzilla.redhat.com/show_bug.cgi?id=1986856 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-1826 – webkitgtk: Logic issue leading to universal cross site scripting attack
https://notcve.org/view.php?id=CVE-2021-1826
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con restricciones mejoradas. Este problema se corrigió en macOS Big Sur versión 11.3, iOS versión 14.5 e iPadOS versión 14.5, watchOS versión 7.4, tvOS versión 14.5. • https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://access.redhat.com/security/cve/CVE-2021-1826 https://bugzilla.redhat.com/show_bug.cgi?id=1986860 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •