CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30797 – webkitgtk: Insufficient checks leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30797
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. Este problema se abordó con una comprobación mejorada. Este problema se corrigió en iOS versión 14.7, Safari versión 14.1.2, macOS Big Sur versión 11.5, watchOS versión 7.6, tvOS versión 14.7. • https://support.apple.com/en-us/HT212601 https://support.apple.com/en-us/HT212602 https://support.apple.com/en-us/HT212604 https://support.apple.com/en-us/HT212605 https://support.apple.com/en-us/HT212606 https://access.redhat.com/security/cve/CVE-2021-30797 https://bugzilla.redhat.com/show_bug.cgi?id=1986902 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30795 – webkitgtk: Use-after-free leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30795
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema se corrigió en iOS versión 14.7, Safari versión 14.1.2, macOS Big Sur versión 11.5, watchOS versión 7.6, tvOS versión 14.7. • https://support.apple.com/en-us/HT212601 https://support.apple.com/en-us/HT212602 https://support.apple.com/en-us/HT212604 https://support.apple.com/en-us/HT212605 https://support.apple.com/en-us/HT212606 https://access.redhat.com/security/cve/CVE-2021-30795 https://bugzilla.redhat.com/show_bug.cgi?id=1986900 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30758 – webkitgtk: Type confusion leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30758
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de confusión de tipo con un manejo de estado mejorado. Este problema se corrigió en iOS versión 14.7, Safari versión 14.1.2, macOS Big Sur versión 11.5, watchOS versión 7.6, tvOS versión 14.7. • https://support.apple.com/en-us/HT212601 https://support.apple.com/en-us/HT212602 https://support.apple.com/en-us/HT212604 https://support.apple.com/en-us/HT212605 https://support.apple.com/en-us/HT212606 https://access.redhat.com/security/cve/CVE-2021-30758 https://bugzilla.redhat.com/show_bug.cgi?id=1986892 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30720 – webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
https://notcve.org/view.php?id=CVE-2021-30720
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. Se abordó un problema lógico con restricciones mejoradas. Este problema se corrigió en tvOS versión 14.6, iOS versión 14.6 e iPadOS versión 14.6, Safari versión 14.1.1, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 https://support.apple.com/en-us/HT212534 https://access.redhat.com/security/cve/CVE-2021-30720 https://bugzilla.redhat.com/show_bug.cgi?id=1986883 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30744 – webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
https://notcve.org/view.php?id=CVE-2021-30744
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. Descripción: Se abordó un problema de origen cruzado con elementos iframe con un seguimiento de los orígenes de seguridad mejorados. Este problema se corrigió en tvOS versión 14.6, iOS versión 14.6 e iPadOS versión 14.6, Safari versión 14.1.1, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 https://support.apple.com/en-us/HT212534 https://access.redhat.com/security/cve/CVE-2021-30744 https://bugzilla.redhat.com/show_bug.cgi?id=1986888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •