Lucene search

Macos Security Vulnerabilities - July

cve

CVE-2021-30957

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8CVSS

7.9AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30958

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Playing a malicious audio file may lead to arbitrary code execution.

7.8CVSS

7.6AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30959

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

5.5CVSS

6AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30960

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

5.5CVSS

5.9AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30961

5.5CVSS

6AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30962

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

5.5CVSS

5.6AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30963

5.5CVSS

6AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30964

An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences.

5.5CVSS

5.5AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30965

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to cause a denial of service to Endpoint Security clients.

6.5CVSS

6AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30966

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.

7.5CVSS

6.7AI Score

0.002EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30968

A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass cer...

5.5CVSS

5.5AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30969

A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk.

7.8CVSS

7.2AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30970

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.

5.5CVSS

5.4AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30971

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitr...

7.8CVSS

7.8AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30972

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences.

5.5CVSS

5.6AI Score

0.0005EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30973

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted file may disclose user information.

5.5CVSS

5.5AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30975

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restriction...

8.6CVSS

7.9AI Score

0.002EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30976

5.5CVSS

5.7AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30977

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

7.8CVSS

7.8AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30979

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary c...

7.8CVSS

7.9AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30980

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS

7.7AI Score

0.0004EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30981

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS

7.8AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30982

A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A remote attacker may be able to cause unexpected application termination or heap corruption.

5.9CVSS

6.1AI Score

0.006EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30984

A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

7.5CVSS

7.9AI Score

0.007EPSS

2021-08-24 07:15 PM

142

cve

CVE-2021-30986

A device configuration issue was addressed with an updated configuration. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked by its Bluetooth MAC address.

5.5CVSS

5.9AI Score

0.0004EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30987

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked via BSSIDs.

5.5CVSS

5.6AI Score

0.0004EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30990

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.

5.5CVSS

5.7AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30993

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network position may be able to execute arbitrary code.

8.1CVSS

7.6AI Score

0.005EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30994

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.

3.3CVSS

4.1AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30995

A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges.

7CVSS

6.3AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-30996

A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.

7CVSS

7.1AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31000

A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.

3.3CVSS

4.2AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31002

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with system privileges.

7.8CVSS

7.6AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31004

A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges.

7CVSS

6.8AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31005

Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all remote content types.

7.5CVSS

6.7AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31006

Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.

5.5CVSS

5.6AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31007

Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.

5.5CVSS

5.3AI Score

0.001EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31008

A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution.

8.8CVSS

7.9AI Score

0.005EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31009

Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5.

9.8CVSS

8.6AI Score

0.003EPSS

2021-08-24 07:15 PM

cve

CVE-2021-31010

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that ...

7.5CVSS

6.7AI Score

0.004EPSS

2021-08-24 07:15 PM

602

In Wild

cve

CVE-2021-31013

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory.

5.5CVSS

5.4AI Score

0.0005EPSS

2021-08-24 07:15 PM

cve

CVE-2021-36690

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed...

7.5CVSS

7.6AI Score

0.004EPSS

2021-08-24 02:15 PM

141

cve

CVE-2021-36976

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

6.5CVSS

6.8AI Score

0.005EPSS

2021-07-20 07:15 AM

207

cve

CVE-2021-39537

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

8.8CVSS

8.5AI Score

0.008EPSS

2021-09-20 04:15 PM

176

cve

CVE-2021-4136

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS

7.5AI Score

0.001EPSS

2021-12-19 05:15 PM

156

cve

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read

7.1CVSS

7.9AI Score

0.001EPSS

2021-12-25 07:15 PM

191

cve

CVE-2021-4173

vim is vulnerable to Use After Free

7.8CVSS

7.5AI Score

0.001EPSS

2021-12-27 01:15 PM

137

cve

CVE-2021-4187

vim is vulnerable to Use After Free

7.8CVSS

7.5AI Score

0.001EPSS

2021-12-29 05:15 PM

140

cve

CVE-2021-4192

vim is vulnerable to Use After Free

7.8CVSS

8.2AI Score

0.002EPSS

2021-12-31 03:15 PM

241

cve

CVE-2021-4193

vim is vulnerable to Out-of-bounds Read

5.5CVSS

6.9AI Score

0.001EPSS

2021-12-31 04:15 PM

225

Total number of security vulnerabilities2282