CVE-2021-1811
https://notcve.org/view.php?id=CVE-2021-1811
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en iTunes versión 12.11.3 para Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud para Windows versión 12.3, macOS Big Sur versión 11.3, watchOS versión 7.4, tvOS versión 14.5, iOS versión 14.5 e iPadOS versión 14.5. • https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212319 https://support.apple.com/en-us/HT212321 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://support.apple.com/en-us/HT212326 https://support.apple.com/en-us/HT212327 •
CVE-2021-1825 – webkitgtk: Input validation issue leading to cross site scripting attack
https://notcve.org/view.php?id=CVE-2021-1825
An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. Se abordó un problema de comprobación de entradas con una comprobación de entrada mejorada. Este problema se corrigió en iTunes versión 12.11.3 para Windows, iCloud para Windows versión 12.3, macOS Big Sur versión 11.3, Safari versión 14.1, watchOS versión 7.4, tvOS versión 14.5, iOS versión 14.5 e iPadOS versión 14.5. • https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212318 https://support.apple.com/en-us/HT212319 https://support.apple.com/en-us/HT212321 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://access.redhat.com/security/cve/CVE-2021-1825 https://bugzilla.redhat.com/show_bug.cgi?id=1986858 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-7463
https://notcve.org/view.php?id=CVE-2020-7463
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. En FreeBSD versiones 12.1-STABLE anteriores a r364644, 11.4-STABLE anteriores a r364651, 12.1-RELEASE anteriores a p9, 11.4-RELEASE anteriores a p3 y 11.3-RELEASE anteriores a p13, el manejo inapropiado en el kernel causa un bug de uso de la memoria previamente liberada mediante el envío de mensajes de usuario grandes de múltiples subprocesos en el mismo socket SCTP. La situación del uso de la memoria previamente liberada puede resultar en un comportamiento del kernel no deseado, incluyendo un pánico del kernel. • http://seclists.org/fulldisclosure/2021/Apr/49 http://seclists.org/fulldisclosure/2021/Apr/50 http://seclists.org/fulldisclosure/2021/Apr/57 http://seclists.org/fulldisclosure/2021/Apr/58 http://seclists.org/fulldisclosure/2021/Apr/59 https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc https://support.apple.com/kb/HT212317 https://support.apple.com/kb/HT212318 https://support.apple.com/kb/HT212319 https://support.apple.com/kb/HT212321 https://support.app • CWE-416: Use After Free •
CVE-2020-29617
https://notcve.org/view.php?id=CVE-2020-29617
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. Se abordó una lectura fuera de límites con una comprobación de la entrada mejorada. Este problema es corregido en tvOS versión 14.3, macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS versión 14.3 y iPadOS versión 14.3, iCloud para Windows versión 12.0, watchOS versión 7.2. • https://support.apple.com/en-us/HT212003 https://support.apple.com/en-us/HT212005 https://support.apple.com/en-us/HT212009 https://support.apple.com/en-us/HT212011 https://support.apple.com/en-us/HT212145 • CWE-125: Out-of-bounds Read •
CVE-2020-29611 – macOS ImageIO Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2020-29611
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en tvOS versión 14.3, macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS versión 14.3 y iPadOS versión 14.3, iCloud para Windows versión 12.0, watchOS versión 7.2. • https://support.apple.com/en-us/HT212003 https://support.apple.com/en-us/HT212005 https://support.apple.com/en-us/HT212009 https://support.apple.com/en-us/HT212011 https://support.apple.com/en-us/HT212145 • CWE-787: Out-of-bounds Write •