CVSS: 3.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-29623 – webkitgtk: User may be unable to fully delete browsing history
https://notcve.org/view.php?id=CVE-2020-29623
28 Mar 2021 — "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. "Clear History and Website Data" no borró el historial. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-459: Incomplete Cleanup •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1801 – webkitgtk: IFrame sandboxing policy violation
https://notcve.org/view.php?id=CVE-2021-1801
28 Mar 2021 — This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. Este problema es abordado con una aplicación del sandbox de iframe mejorado. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchO... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2020-7463
https://notcve.org/view.php?id=CVE-2020-7463
26 Mar 2021 — In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. En FreeBSD versiones 12.1-STABLE anteriores a r364644, 11.4-STABLE anteriores a r364651, 12.1-RELEASE anteriores a p9, 11.4-RELEASE a... • http://seclists.org/fulldisclosure/2021/Apr/49 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1844 – webkitgtk: Memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-1844
09 Mar 2021 — A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema es corregido en iOS versión 14.4.1 y iPadOS versión 14.4.1, Safari versión 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7),... • http://seclists.org/fulldisclosure/2021/Apr/55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 2%CPEs: 38EXPL: 2CVE-2021-23841 – Null pointer deref in X509_issuer_and_serial_hash()
https://notcve.org/view.php?id=CVE-2021-23841
16 Feb 2021 — The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never di... • https://github.com/Trinadh465/external_boringssl_openssl_1.1.0g_CVE-2021-23841 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-29624 – Apple CoreText libFontParser.dylib Stack Corruption
https://notcve.org/view.php?id=CVE-2020-29624
05 Feb 2021 — A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. Se presentó un problema de corrupción de memoria en un procesamiento de archivos de fuentes. • https://support.apple.com/en-us/HT212003 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-1793
https://notcve.org/view.php?id=CVE-2021-1793
02 Feb 2021 — This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. Este problema es abordado con una comprobación de la entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS versión 7.3, tvOS... • https://support.apple.com/en-us/HT212146 •
CVSS: 8.8EPSS: 3%CPEs: 26EXPL: 0CVE-2021-1789 – Apple Multiple Products Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2021-1789
02 Feb 2021 — A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de confusión de tipos con un manejo del estado mejorado. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Up... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2021-1785
https://notcve.org/view.php?id=CVE-2021-1785
02 Feb 2021 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de la entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001... • https://support.apple.com/en-us/HT212146 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 23EXPL: 0CVE-2021-1791 – Apple iOS FairplayIOKit Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1791
02 Feb 2021 — An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory. Se presentó un problema de lectura fuera de límites que conllevó a una divulgación de la memoria del kernel. • https://support.apple.com/en-us/HT212146 • CWE-125: Out-of-bounds Read •