CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2021-30709 – Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30709
26 May 2021 — This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. Se abordó este problema con comprobaciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS versión 14.6 y iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 •
CVSS: 8.8EPSS: 0%CPEs: 37EXPL: 0CVE-2021-30737 – Apple Security Advisory 2021-05-25-1
https://notcve.org/view.php?id=CVE-2021-30737
26 May 2021 — A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria en el descodificador ASN.1 mediante la eliminación del código vulnerable. Este problema se corrigió en tvOS vers... • https://support.apple.com/en-us/HT212528 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30749 – Apple WebKit KeyframeEffect Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-30749
26 May 2021 — Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordaron múltiples problemas de corrupción de la memoria con una administración de memoria mejorada. Este problema se corrigió en tvOS versión 14.6, iOS versión 14.6 e iPadOS versión 14.6, Safari versión 14.1.1, macOS Big Sur versión 11.4,... • https://support.apple.com/en-us/HT212528 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-30698 – Apple Security Advisory 2021-05-25-1
https://notcve.org/view.php?id=CVE-2021-30698
26 May 2021 — A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service. Se abordó un problema de desviación de puntero nulo con una comprobación de entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.4, Safari versión 14.1.1, iOS versión 14.6 y iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2021-30691 – Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30691
26 May 2021 — An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. Se abordó un problema de divulgación de información con una administración de estado mejorada. Este problema es corregido en macOS Big Sur versión 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS ... • https://support.apple.com/en-us/HT212528 •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2021-30710 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2021-30710
26 May 2021 — A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. Se abordó un problema de corrupción de la memoria con una administración de estado mejorada. Este problema es corregido en tvOS versión 14.6, Security Update 2021-004 Mojave, iOS versi... • https://support.apple.com/en-us/HT212528 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36331 – libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c
https://notcve.org/view.php?id=CVE-2020-36331
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkAssignData. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36330 – libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c
https://notcve.org/view.php?id=CVE-2020-36330
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkVerifyAndAssign. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-36329 – libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c
https://notcve.org/view.php?id=CVE-2020-36329
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró un uso de la memoria previamente liberada debido a que un subproceso se eliminó demasiado pronto. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-36328 – libwebp: heap-based buffer overflow in WebPDecode*Into functions
https://notcve.org/view.php?id=CVE-2020-36328
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Un desbordamiento del búfer en la región heap de la memoria en la función WebPDecodeRGBInto es posible debido a una verificación no válida del tamaño del búfer. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-787: Out-of-bounds Write •