CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-1879 – Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-1879
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.. Este problema es abordado con una administración del tiempo de vida de objetos mejorada. • https://support.apple.com/en-us/HT212256 https://support.apple.com/en-us/HT212257 https://support.apple.com/en-us/HT212258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1801 – webkitgtk: IFrame sandboxing policy violation
https://notcve.org/view.php?id=CVE-2021-1801
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. Este problema es abordado con una aplicación del sandbox de iframe mejorado. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS versión 7.3, tvOS versión 14.4, iOS versión 14.4 y iPadOS versión 14.4. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://security.gentoo.org/glsa/202104-03 https://support.apple.com/en-us/HT212146 https://support.apple.com/en-us/HT212147 https://support.apple.com/en-us/HT212148 https://support.apple.com/en-us/HT212149 https://access.redhat.com/security/cve/CVE-2021-1801&# • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-29623 – webkitgtk: User may be unable to fully delete browsing history
https://notcve.org/view.php?id=CVE-2020-29623
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. "Clear History and Website Data" no borró el historial. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://security.gentoo.org/glsa/202104-03 https://support.apple.com/en-us/HT212003 https://support.apple.com/en-us/HT212005 https://support.apple.com/en-us/HT212011 https://access.redhat.com/security/cve/CVE-2020-29623 https://bugzilla.redhat.com/show_bug.cgi&# • CWE-459: Incomplete Cleanup •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-1799 – webkitgtk: Access to restricted ports on arbitrary servers via port redirection
https://notcve.org/view.php?id=CVE-2021-1799
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. Se abordó un problema de redirección de puertos con una comprobación de puertos adicional. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS versión 14.4, watchOS versión 7.3, iOS versión 14.4 y iPadOS versión 14.4, Safari versión 14.0.3. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://security.gentoo.org/glsa/202104-03 https://support.apple.com/en-us/HT212146 https://support.apple.com/en-us/HT212147 https://support.apple.com/en-us/HT212148 https://support.apple.com/en-us/HT212149 https://support.apple.com/en-us/HT212152 https:/&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2020-7463
https://notcve.org/view.php?id=CVE-2020-7463
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. En FreeBSD versiones 12.1-STABLE anteriores a r364644, 11.4-STABLE anteriores a r364651, 12.1-RELEASE anteriores a p9, 11.4-RELEASE anteriores a p3 y 11.3-RELEASE anteriores a p13, el manejo inapropiado en el kernel causa un bug de uso de la memoria previamente liberada mediante el envío de mensajes de usuario grandes de múltiples subprocesos en el mismo socket SCTP. La situación del uso de la memoria previamente liberada puede resultar en un comportamiento del kernel no deseado, incluyendo un pánico del kernel. • http://seclists.org/fulldisclosure/2021/Apr/49 http://seclists.org/fulldisclosure/2021/Apr/50 http://seclists.org/fulldisclosure/2021/Apr/57 http://seclists.org/fulldisclosure/2021/Apr/58 http://seclists.org/fulldisclosure/2021/Apr/59 https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc https://support.apple.com/kb/HT212317 https://support.apple.com/kb/HT212318 https://support.apple.com/kb/HT212319 https://support.apple.com/kb/HT212321 https://support.app • CWE-416: Use After Free •