CVSS: 5.5EPSS: 0%CPEs: 36EXPL: 1CVE-2021-1883
https://notcve.org/view.php?id=CVE-2021-1883
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption. Este problema es abordado con comprobaciones mejoradas. Este problema se corrigió en Security Update 2021-004 Mojave, iOS versión 14.5 e iPadOS versión 14.5, watchOS versión 7.4, Security Update 2021-003 Catalina, tvOS versión 14.5, macOS Big Sur versión 11.3. • https://github.com/gabe-k/CVE-2021-1883 https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-30685 – Apple macOS AudioToolboxCore AAC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30685
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information. Se abordó este problema con comprobaciones mejoradas. Este problema es corregido en tvOS versión 14.6, iOS versión 14.6 y iPadOS versión 14.6, Security Update 2021-003 Catalina, macOS Big Sur versión 11.4, watchOS versión 7.5. • https://support.apple.com/en-us/HT212528 https://support.apple.com/en-us/HT212529 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 •
CVSS: 5.9EPSS: 1%CPEs: 34EXPL: 0CVE-2021-1884
https://notcve.org/view.php?id=CVE-2021-1884
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service. Se abordó una condición de carrera con un bloqueo mejorado. Este problema es corregido en Security Update 2021-004 Mojave, iOS versión 14.5 y iPadOS versión 14.5, watchOS versión 7.4, Security Update 2021-003 Catalina, tvOS versión 14.5, macOS Big Sur versión 11.3. • https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-30661 – Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-30661
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. • https://support.apple.com/en-us/HT212317 https://support.apple.com/en-us/HT212318 https://support.apple.com/en-us/HT212323 https://support.apple.com/en-us/HT212324 https://support.apple.com/en-us/HT212325 https://support.apple.com/en-us/HT212341 https://access.redhat.com/security/cve/CVE-2021-30661 https://bugzilla.redhat.com/show_bug.cgi?id=1986870 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30663 – Apple Multiple Products WebKit Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30663
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un desbordamiento de enteros con una comprobación de entrada mejorada. Este problema es corregido en iOS versión 14.5.1 y iPadOS versión 14.5.1, tvOS versión 14.6, iOS versión 12.5.3, Safari versión 14.1.1, macOS Big Sur versión 11.3.1. • https://support.apple.com/en-us/HT212335 https://support.apple.com/en-us/HT212336 https://support.apple.com/en-us/HT212341 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212534 https://access.redhat.com/security/cve/CVE-2021-30663 https://bugzilla.redhat.com/show_bug.cgi?id=1986872 • CWE-190: Integer Overflow or Wraparound •