Total
1381 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-1885 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2021-30664 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
CVE-2021-1820 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. | |||||
CVE-2021-1739 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. | |||||
CVE-2021-1881 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
CVE-2021-1825 | 1 Apple | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
CVE-2017-13880 | 1 Apple | 2 Iphone Os, Watchos | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege. | |||||
CVE-2021-30659 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information. | |||||
CVE-2022-21658 | 3 Apple, Fedoraproject, Rust-lang | 7 Ipados, Iphone Os, Macos and 4 more | 2024-02-04 | 3.3 LOW | 6.3 MEDIUM |
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. | |||||
CVE-2021-1740 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. | |||||
CVE-2021-1807 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. | |||||
CVE-2021-30841 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. | |||||
CVE-2021-1846 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation. | |||||
CVE-2021-1808 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. | |||||
CVE-2021-1817 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2021-30685 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information. | |||||
CVE-2021-1843 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2021-1882 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges. | |||||
CVE-2021-30767 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. | |||||
CVE-2018-4302 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. |