Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-30884: About the security content of iOS 15 and iPadOS 15

The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user’s browsing history.

CVE
#web#ios

Related news

CVE-2021-1821: About the security content of watchOS 7.6

A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service.

CVE-2021-30816: About the security content of iOS 15 and iPadOS 15

The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.

CVE-2021-30808: About the security content of watchOS 8

This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.

CVE-2021-30823: About the security content of watchOS 8

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.

CVE-2020-9897: About the security content of iOS 14.2 and iPadOS 14.2

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.

CVE-2021-30838: About the security content of iOS 15 and iPadOS 15

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine.

CVE-2021-37414: Vulnerability: Improper Authorization Handling

Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.

CVE-2021-37414: Vulnerability: Improper Authorization Handling

Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication.

CVE-2021-1874: About the security content of iOS 14.5 and iPadOS 14.5

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2021-1882: About the security content of iOS 14.5 and iPadOS 14.5

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges.

CVE-2021-30682: About the security content of macOS Big Sur 11.4

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.

CVE-2021-1812: About the security content of iOS 14.5 and iPadOS 14.5

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges.

CVE-2021-1849: About the security content of iOS 14.5 and iPadOS 14.5

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences.

CVE-2021-1872: About the security content of iOS 14.5 and iPadOS 14.5

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled.

CVE-2021-30660: About the security content of iOS 14.5 and iPadOS 14.5

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory.

CVE-2021-1867: About the security content of iOS 14.5 and iPadOS 14.5

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30802: About the security content of tvOS 14.7

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-30866: About the security content of iOS 15 and iPadOS 15

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A device may be passively tracked by its WiFi MAC address.

CVE-2021-30870: About the security content of iOS 15 and iPadOS 15

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers.

CVE-2021-30854: About the security content of iOS 15 and iPadOS 15

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions.

CVE-2021-30858: About the security content of iOS 14.8 and iPadOS 14.8

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2021-30874: About the security content of iOS 15 and iPadOS 15

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission.

CVE-2021-30882: About the security content of iOS 15 and iPadOS 15

A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call.

CVE-2021-30918: About the security content of iOS 14.8.1 and iPadOS 14.8.1

A Lock Screen issue was addressed with improved state management. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.0.1 and iPadOS 15.0.1. A user may be able to view restricted content from the Lock Screen.

CVE-2021-30875: About the security content of iOS 15.1 and iPadOS 15.1

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen.

CVE-2021-30867: About the security content of iOS 15 and iPadOS 15

The issue was addressed with improved authentication. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access photo metadata without needing permission to access photos.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907