CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1801 – webkitgtk: IFrame sandboxing policy violation
https://notcve.org/view.php?id=CVE-2021-1801
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. Este problema es abordado con una aplicación del sandbox de iframe mejorado. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS versión 7.3, tvOS versión 14.4, iOS versión 14.4 y iPadOS versión 14.4. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://security.gentoo.org/glsa/202104-03 https://support.apple.com/en-us/HT212146 https://support.apple.com/en-us/HT212147 https://support.apple.com/en-us/HT212148 https://support.apple.com/en-us/HT212149 https://access.redhat.com/security/cve/CVE-2021-1801&# • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-29623 – webkitgtk: User may be unable to fully delete browsing history
https://notcve.org/view.php?id=CVE-2020-29623
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. "Clear History and Website Data" no borró el historial. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://security.gentoo.org/glsa/202104-03 https://support.apple.com/en-us/HT212003 https://support.apple.com/en-us/HT212005 https://support.apple.com/en-us/HT212011 https://access.redhat.com/security/cve/CVE-2020-29623 https://bugzilla.redhat.com/show_bug.cgi&# • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2020-7463
https://notcve.org/view.php?id=CVE-2020-7463
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. En FreeBSD versiones 12.1-STABLE anteriores a r364644, 11.4-STABLE anteriores a r364651, 12.1-RELEASE anteriores a p9, 11.4-RELEASE anteriores a p3 y 11.3-RELEASE anteriores a p13, el manejo inapropiado en el kernel causa un bug de uso de la memoria previamente liberada mediante el envío de mensajes de usuario grandes de múltiples subprocesos en el mismo socket SCTP. La situación del uso de la memoria previamente liberada puede resultar en un comportamiento del kernel no deseado, incluyendo un pánico del kernel. • http://seclists.org/fulldisclosure/2021/Apr/49 http://seclists.org/fulldisclosure/2021/Apr/50 http://seclists.org/fulldisclosure/2021/Apr/57 http://seclists.org/fulldisclosure/2021/Apr/58 http://seclists.org/fulldisclosure/2021/Apr/59 https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc https://support.apple.com/kb/HT212317 https://support.apple.com/kb/HT212318 https://support.apple.com/kb/HT212319 https://support.apple.com/kb/HT212321 https://support.app • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1844 – webkitgtk: Memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-1844
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema es corregido en iOS versión 14.4.1 y iPadOS versión 14.4.1, Safari versión 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7), watchOS versión 7.3.2, macOS Big Sur versión 11.2.3. • http://seclists.org/fulldisclosure/2021/Apr/55 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://support.apple.com/en-us/HT212220 https://support.apple.com/en-us/HT212221 https://support.apple.com/en-us/HT212222 https://support.apple.com/en-us/HT212223 https://support.apple.com/kb/HT212323 https://www.debian.org/security/2021/dsa-4923 https://access.redhat.com/security/cve/CVE-2021-1844 https://b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 85%CPEs: 21EXPL: 12CVE-2021-21300 – malicious repositories can execute remote code while cloning
https://notcve.org/view.php?id=CVE-2021-21300
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. • https://github.com/AlkenePan/CVE-2021-21300 https://github.com/Maskhe/CVE-2021-21300 https://github.com/1uanWu/CVE-2021-21300 https://github.com/Roboterh/CVE-2021-21300 https://github.com/Saboor-Hakimi-23/CVE-2021-21300 https://github.com/Kirill89/CVE-2021-21300 https://github.com/erranfenech/CVE-2021-21300 https://github.com/fengzhouc/CVE-2021-21300 https://github.com/danshuizhangyu/CVE-2021-21300 https://github.com/Faisal78123/CVE-2021-21300 http://packetstormsecurity. • CWE-59: Improper Link Resolution Before File Access ('Link Following') •