CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0CVE-2021-30746 – Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30746
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema se corrigió en macOS Big Sur versión 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS versión 14.6 e iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2021-30710
https://notcve.org/view.php?id=CVE-2021-30710
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. Se abordó un problema de corrupción de la memoria con una administración de estado mejorada. Este problema es corregido en tvOS versión 14.6, Security Update 2021-004 Mojave, iOS versión 14.6 y iPadOS versión 14.6, Security Update 2021-003 Catalina, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2021-30724 – Apple macOS CVMServer Integer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-30724
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges. Este problema se abordó con comprobaciones mejoradas. Este problema se corrigió en tvOS versión 14.6, Security Update 2021-004 Mojave, iOS versión 14.6 e iPadOS versión 14.6, Security Update 2021-003 Catalina, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 •
CVSS: 8.8EPSS: 0%CPEs: 37EXPL: 0CVE-2021-30737
https://notcve.org/view.php?id=CVE-2021-30737
A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria en el descodificador ASN.1 mediante la eliminación del código vulnerable. Este problema se corrigió en tvOS versión 14.6, Security Update 2021-004 Mojave, iOS versión 14.6 e iPadOS versión 14.6, iOS versión 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 https://support.apple.com/en-us/HT212548 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2021-30677
https://notcve.org/view.php?id=CVE-2021-30677
This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox. Se abordó este problema con un saneamiento del entorno mejorado. Este problema es corregido en tvOS versión 14.6, iOS versión 14.6 y iPadOS versión 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 https://support.apple.com/en-us/HT212600 https://support.apple.com/en-us/HT212603 https://support.apple.com/kb/HT212602 •