Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:apple:iphone_os:15.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-21658 |
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. Published: January 20, 2022; 1:15:07 PM -0500 |
V3.1: 6.3 MEDIUM V2.0: 3.3 LOW |
CVE-2021-30767 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. Published: December 23, 2021; 3:15:09 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-31013 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory. Published: August 24, 2021; 3:15:25 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-31009 |
Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5. Published: August 24, 2021; 3:15:24 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-31007 |
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences. Published: August 24, 2021; 3:15:24 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-31000 |
A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information. Published: August 24, 2021; 3:15:24 PM -0400 |
V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2021-30998 |
A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more than one email address. Published: August 24, 2021; 3:15:24 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-30997 |
A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail. Published: August 24, 2021; 3:15:24 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-30996 |
A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. Published: August 24, 2021; 3:15:24 PM -0400 |
V3.1: 7.0 HIGH V2.0: 7.6 HIGH |
CVE-2021-30995 |
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges. Published: August 24, 2021; 3:15:24 PM -0400 |
V3.1: 7.0 HIGH V2.0: 5.1 MEDIUM |
CVE-2021-30993 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network position may be able to execute arbitrary code. Published: August 24, 2021; 3:15:24 PM -0400 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-30992 |
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 1.9 LOW |
CVE-2021-30991 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-30988 |
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-30985 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-30984 |
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.1 MEDIUM |
CVE-2021-30983 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-30980 |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-30979 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-30973 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted file may disclose user information. Published: August 24, 2021; 3:15:23 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |