8351 matches found
CVE-2021-30889
CVE-2021-30889 : Buffer overflow in WebKitGTK leading to arbitrary code execution when processing malicious web content. Affected product: WebKitGTK/WebKit. Root cause: buffer overflow in WebKitGTK components (WebCore::ImageBufferCairoImageSurfaceBackend::create). Public references in ALAS2 advis...
CVE-2021-30889
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2021-30889
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2021-30888
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior...
CVE-2021-30888
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior...
CVE-2021-30888
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior...
CVE-2021-30887
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy...
CVE-2021-30887
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy...
CVE-2021-30886
CVE-2021-30886 is a kernel-use-after-free in Apple OS kernels (macOS, iOS/iPadOS, watchOS, tvOS) that could allow a local attacker to execute arbitrary code with kernel privileges. Apple fixes claim improved memory management in the kernel; affected products include macOS Monterey 12.0.1, iOS 15....
CVE-2021-30884
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history...
CVE-2021-30884
CVE-2021-30884 relates to WebKit-based rendering components (notably WebKitGTK/WebKit on embedded platforms) where an issue in CSS compositing could allow a malicious website to reveal browsing history. The root cause is described as limitations or restrictions on CSS compositing. The vulnerabili...
CVE-2021-30882
A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call...
CVE-2021-30883
CVE-2021-30883 is an memory-corruption vulnerability in Apple’s IOMobileFrameBuffer that can allow a malicious app to execute arbitrary code with kernel privileges. Apple patched it across iOS/iPadOS 14.8.1 and 15.0.2, macOS Big Sur 11.6.1 and Monterey 12.0.1, tvOS 15.1, and watchOS 8.1. The Appl...
CVE-2021-30882
CVE-2021-30882 is a logic-issue vulnerability in Apple's FaceTime access flow. It could allow an app with microphone permission to unexpectedly access microphone input during a FaceTime call. Affected platforms: watchOS 8, iOS 15, and iPadOS 15; fix/mitigation: patches are in those OS versions. I...
CVE-2021-30881
An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Unpacking a maliciously crafted archive may lead to arbitrary code...
CVE-2021-30875
The CVE-2021-30875 issue affects iOS/iPadOS and was reported as a lock-screen vulnerability in which a local attacker could view contacts from the lock screen due to inadequate state management. The Apple documentation for iOS 15.1 and iPadOS 15.1 describes this as a local-elevation/information-d...
CVE-2021-30875
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen...
CVE-2021-30874
CVE-2021-30874 affects Apple iOS/iPadOS 15 where an authorization issue in NetworkExtension could allow a VPN configuration to be installed by an app without user permission. Root cause cited as improved state management; fix implemented in iOS 15 / iPadOS 15. Implication: local apps may cause VP...
CVE-2021-30874
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission...
CVE-2021-30870
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers...