CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-31010 – Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31010
24 Aug 2021 — A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. Se ha solucionado un problema de deserialización mediante una validación mejorada. • https://support.apple.com/en-us/HT212804 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31009
https://notcve.org/view.php?id=CVE-2021-31009
24 Aug 2021 — Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5. Se han solucionado múltiples problemas al eliminar HDF5. Este problema se ha solucionado en iOS 15.2 y iPadOS 15.2, macOS Monterey 12.1. • https://support.apple.com/en-us/HT212976 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-31008
https://notcve.org/view.php?id=CVE-2021-31008
24 Aug 2021 — A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution. Se ha solucionado un problema de confusión de tipos con un mejor manejo de la memoria. Este problema se ha solucionado en Safari 15.1, tvOS 15.1, iOS 15 y iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. • https://support.apple.com/en-us/HT212814 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-31007
https://notcve.org/view.php?id=CVE-2021-31007
24 Aug 2021 — Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences. Descripción: Se ha solucionado un problema de permisos con una validación mejorada. Este problema se ha solucionado en iOS 15.1 y iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. • https://support.apple.com/en-us/HT212867 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31006
https://notcve.org/view.php?id=CVE-2021-31006
24 Aug 2021 — Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences. Descripción: Se ha solucionado un problema de permisos con una validación mejorada. Este problema se ha solucionado en watchOS 7.6, tvOS 14.7 y macOS Big Sur 11.5. • https://support.apple.com/en-us/HT212602 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31005
https://notcve.org/view.php?id=CVE-2021-31005
24 Aug 2021 — Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all remote content types. Descripción: Se ha solucionado un problema de lógica con la mejora de la gestión de estados. Este problema se ha solucionado en iOS 15 y iPadOS 15, macOS Monterey 12.0.1. • https://support.apple.com/en-us/HT212814 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31004
https://notcve.org/view.php?id=CVE-2021-31004
24 Aug 2021 — A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. Se ha solucionado una condición de carrera con un bloqueo mejorado. Este problema se ha solucionado en macOS Monterey 12.0.1, macOS Big Sur 11.5. • https://support.apple.com/en-us/HT212602 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31002
https://notcve.org/view.php?id=CVE-2021-31002
24 Aug 2021 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with system privileges. Se ha solucionado una lectura fuera de los límites con una validación de entrada mejorada. Este problema se ha solucionado en macOS Monterey 12.0.1, macOS Big Sur 11.6.2. • https://support.apple.com/en-us/HT212869 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-31000
https://notcve.org/view.php?id=CVE-2021-31000
24 Aug 2021 — A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information. Se ha solucionado un problema de permisos con una validación mejorada. Este problema se ha solucionado en iOS 15.2 y iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. • https://support.apple.com/en-us/HT212975 • CWE-276: Incorrect Default Permissions •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30996 – Apple Security Advisory 2021-12-15-1
https://notcve.org/view.php?id=CVE-2021-30996
24 Aug 2021 — A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de carrera con un manejo de estado mejorado. Este problema se solucionó en macOS Monterey versión 12.1, iOS versión 15.2 e iPadOS versión 15.2. • https://support.apple.com/en-us/HT212976 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •