CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2021-30701 – Apple macOS vImage PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-30701
26 May 2021 — This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó este problema con comprobaciones mejoradas. Este problema es corregido en tvOS versión 14.6, iOS versión 14.6 y iPadOS versión 14.6, Security Update 2021-003 Catalina, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2021-30693 – Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30693
26 May 2021 — A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó un problema de comprobación con una lógica mejorada. Este problema es corregido en macOS Big Sur versión 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS versión 14.6 y iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-30682 – webkitgtk: Logic issue leading to leak of sensitive user information
https://notcve.org/view.php?id=CVE-2021-30682
26 May 2021 — A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. Se abordó un problema lógico con restricciones mejoradas. Este problema es corregido en tvOS versión 14.6, iOS versión 14.6 y iPadOS versión 14.6, Safari versión 14.1.1, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://github.com/threatnix/csp-playground • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2021-30708 – Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30708
26 May 2021 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.4, Security Update 2021-003 Catalina, Security Update... • https://support.apple.com/en-us/HT212528 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2021-30677 – Apple Security Advisory 2021-05-25-1
https://notcve.org/view.php?id=CVE-2021-30677
26 May 2021 — This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox. Se abordó este problema con un saneamiento del entorno mejorado. Este problema es corregido en tvOS versión 14.6, iOS versión 14.6 y iPadOS versión 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave,... • https://support.apple.com/en-us/HT212528 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30707 – Apple macOS AudioToolboxCore RF64 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-30707
26 May 2021 — This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution. Se abordó este problema con comprobaciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.4, tvOS versión 14.6, watchOS versión 7.5, iOS versión 14.6 y iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 1CVE-2021-30736 – Apple Security Advisory 2021-05-25-1
https://notcve.org/view.php?id=CVE-2021-30736
26 May 2021 — A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges. Se abordó Un desbordamiento de búfer con una mejora de la comprobación de tamaño. Este problema se corrigió en macOS Big Sur versión 11.4, tvOS versión 14.6, watchOS versión 7.5, iOS versión 14.6 e iPadOS versión 14.6. • https://packetstorm.news/files/id/163501 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30744 – webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
https://notcve.org/view.php?id=CVE-2021-30744
26 May 2021 — Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. Descripción: Se abordó un problema de origen cruzado con elementos iframe con un seguimiento de los orígenes de seguridad mejorados. Este problema se corrigió en tvOS versión 14.6, iOS versión 14.6 e iPad... • https://support.apple.com/en-us/HT212528 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2021-30697 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2021-30697
26 May 2021 — A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information. Se abordó un problema lógico con una administración de estado mejorada. Este problema es corregido en tvOS versión 14.6, Security Update 2021-004 Mojave, iOS versión 14.6 y iPadOS versión 14.6, Security Update 2021-003 Catalina, m... • https://support.apple.com/en-us/HT212528 •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36331 – libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c
https://notcve.org/view.php?id=CVE-2020-36331
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkAssignData. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-125: Out-of-bounds Read •