cvelistv5 - cve-2020-27938

CVE-2020-27938 (GCVE-0-2020-27938)

Vulnerability from cvelistv5 – Published: 2021-04-02 17:36 – Updated: 2024-08-04 16:25

Summary

Severity ?

No CVSS data available.

CWE

A malicious application may be able to elevate privileges

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT212011	x_refsource_MISC
	https://support.apple.com/en-us/HT212147	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

macOS

Affected: unspecified , < 11.1 (custom)

Apple

macOS

Affected: unspecified , < 11.2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212011"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212147"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A malicious application may be able to elevate privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-02T17:36:26",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212011"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212147"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-27938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A malicious application may be able to elevate privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212011",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212011"
            },
            {
              "name": "https://support.apple.com/en-us/HT212147",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212147"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-27938",
    "datePublished": "2021-04-02T17:36:26",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-08-04T16:25:43.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.2.0\", \"matchCriteriaId\": \"D5D27F1C-453A-4DF2-A60F-C62D278DA6FE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.1.0\", \"matchCriteriaId\": \"21C0E924-5685-42A0-A78C-3330F1D2789D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 un problema de l\\u00f3gica con una administraci\\u00f3n de estado mejorada.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\\u00f3n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur versi\\u00f3n 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave.\u0026#xa0;Una aplicaci\\u00f3n maliciosa puede ser capaz de elevar privilegios.\"}]",
      "id": "CVE-2020-27938",
      "lastModified": "2024-11-21T05:22:05.283",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-04-02T18:15:16.310",
      "references": "[{\"url\": \"https://support.apple.com/en-us/HT212011\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212147\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212147\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-27938\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-04-02T18:15:16.310\",\"lastModified\":\"2024-11-21T05:22:05.283\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de l\u00f3gica con una administraci\u00f3n de estado mejorada.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur versi\u00f3n 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave.\u0026#xa0;Una aplicaci\u00f3n maliciosa puede ser capaz de elevar privilegios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.0\",\"matchCriteriaId\":\"D5D27F1C-453A-4DF2-A60F-C62D278DA6FE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1.0\",\"matchCriteriaId\":\"21C0E924-5685-42A0-A78C-3330F1D2789D\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT212011\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212147\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2020-27938

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-27938

Aliases

CVE-2020-27938

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-27938",
    "description": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.",
    "id": "GSD-2020-27938"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-27938"
      ],
      "details": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.",
      "id": "GSD-2020-27938",
      "modified": "2023-12-13T01:22:11.446625Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-27938",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A malicious application may be able to elevate privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212011",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212011"
          },
          {
            "name": "https://support.apple.com/en-us/HT212147",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212147"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-27938"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212011",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212011"
            },
            {
              "name": "https://support.apple.com/en-us/HT212147",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212147"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-04-07T15:16Z",
      "publishedDate": "2021-04-02T18:15Z"
    }
  }
}

FKIE_CVE-2020-27938

Vulnerability from fkie_nvd - Published: 2021-04-02 18:15 - Updated: 2024-11-21 05:22

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT212011	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212147	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212011	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212147	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D27F1C-453A-4DF2-A60F-C62D278DA6FE",
              "versionEndExcluding": "11.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21C0E924-5685-42A0-A78C-3330F1D2789D",
              "versionEndExcluding": "11.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de l\u00f3gica con una administraci\u00f3n de estado mejorada.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur versi\u00f3n 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave.\u0026#xa0;Una aplicaci\u00f3n maliciosa puede ser capaz de elevar privilegios."
    }
  ],
  "id": "CVE-2020-27938",
  "lastModified": "2024-11-21T05:22:05.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-02T18:15:16.310",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212011"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212147"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-072

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina sans le correctif de sécurité 2021-001
Apple	Safari	Safari versions antérieures à 14.0.3
Apple	macOS	macOS Big Sur versions antérieures à 11.2
Apple	macOS	macOS Mojave sans le correctif de sécurité 2021-001

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212152 du 01 février 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212147 du 01 février 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1778"
    },
    {
      "name": "CVE-2021-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1789"
    },
    {
      "name": "CVE-2021-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1762"
    },
    {
      "name": "CVE-2021-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1773"
    },
    {
      "name": "CVE-2021-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1761"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2021-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1775"
    },
    {
      "name": "CVE-2020-27937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27937"
    },
    {
      "name": "CVE-2021-1738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1738"
    },
    {
      "name": "CVE-2021-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1777"
    },
    {
      "name": "CVE-2021-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1787"
    },
    {
      "name": "CVE-2021-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1766"
    },
    {
      "name": "CVE-2021-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1745"
    },
    {
      "name": "CVE-2021-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1736"
    },
    {
      "name": "CVE-2021-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1764"
    },
    {
      "name": "CVE-2021-1743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1743"
    },
    {
      "name": "CVE-2021-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1786"
    },
    {
      "name": "CVE-2021-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1788"
    },
    {
      "name": "CVE-2021-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1737"
    },
    {
      "name": "CVE-2021-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1792"
    },
    {
      "name": "CVE-2020-29614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29614"
    },
    {
      "name": "CVE-2021-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1785"
    },
    {
      "name": "CVE-2021-1818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1818"
    },
    {
      "name": "CVE-2021-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1782"
    },
    {
      "name": "CVE-2021-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1793"
    },
    {
      "name": "CVE-2020-29633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29633"
    },
    {
      "name": "CVE-2021-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1751"
    },
    {
      "name": "CVE-2021-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
    },
    {
      "name": "CVE-2020-29608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29608"
    },
    {
      "name": "CVE-2021-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1791"
    },
    {
      "name": "CVE-2021-1871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1871"
    },
    {
      "name": "CVE-2021-1801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1801"
    },
    {
      "name": "CVE-2021-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1783"
    },
    {
      "name": "CVE-2021-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1870"
    },
    {
      "name": "CVE-2020-27938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27938"
    },
    {
      "name": "CVE-2021-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1767"
    },
    {
      "name": "CVE-2021-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1771"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1802"
    },
    {
      "name": "CVE-2021-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1747"
    },
    {
      "name": "CVE-2021-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1790"
    },
    {
      "name": "CVE-2021-1765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1765"
    },
    {
      "name": "CVE-2021-1799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1799"
    },
    {
      "name": "CVE-2021-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1746"
    },
    {
      "name": "CVE-2021-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1754"
    },
    {
      "name": "CVE-2021-1772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1772"
    },
    {
      "name": "CVE-2021-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1776"
    },
    {
      "name": "CVE-2021-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1753"
    },
    {
      "name": "CVE-2021-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1741"
    },
    {
      "name": "CVE-2021-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1750"
    },
    {
      "name": "CVE-2021-1744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1744"
    },
    {
      "name": "CVE-2021-1742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1742"
    },
    {
      "name": "CVE-2021-1760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1760"
    },
    {
      "name": "CVE-2020-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
    },
    {
      "name": "CVE-2021-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1757"
    },
    {
      "name": "CVE-2020-25709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2021-1768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1768"
    },
    {
      "name": "CVE-2021-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1774"
    },
    {
      "name": "CVE-2021-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1769"
    },
    {
      "name": "CVE-2021-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1759"
    },
    {
      "name": "CVE-2021-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1763"
    },
    {
      "name": "CVE-2021-1779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1779"
    },
    {
      "name": "CVE-2021-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1758"
    },
    {
      "name": "CVE-2020-27945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27945"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-072",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212152 du 01 f\u00e9vrier 2021",
      "url": "https://support.apple.com/fr-fr/HT212152"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212147 du 01 f\u00e9vrier 2021",
      "url": "https://support.apple.com/fr-fr/HT212147"
    }
  ]
}

CERTFR-2021-AVI-072

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina sans le correctif de sécurité 2021-001
Apple	Safari	Safari versions antérieures à 14.0.3
Apple	macOS	macOS Big Sur versions antérieures à 11.2
Apple	macOS	macOS Mojave sans le correctif de sécurité 2021-001

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212152 du 01 février 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212147 du 01 février 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1778"
    },
    {
      "name": "CVE-2021-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1789"
    },
    {
      "name": "CVE-2021-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1762"
    },
    {
      "name": "CVE-2021-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1773"
    },
    {
      "name": "CVE-2021-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1761"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2021-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1775"
    },
    {
      "name": "CVE-2020-27937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27937"
    },
    {
      "name": "CVE-2021-1738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1738"
    },
    {
      "name": "CVE-2021-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1777"
    },
    {
      "name": "CVE-2021-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1787"
    },
    {
      "name": "CVE-2021-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1766"
    },
    {
      "name": "CVE-2021-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1745"
    },
    {
      "name": "CVE-2021-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1736"
    },
    {
      "name": "CVE-2021-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1764"
    },
    {
      "name": "CVE-2021-1743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1743"
    },
    {
      "name": "CVE-2021-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1786"
    },
    {
      "name": "CVE-2021-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1788"
    },
    {
      "name": "CVE-2021-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1737"
    },
    {
      "name": "CVE-2021-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1792"
    },
    {
      "name": "CVE-2020-29614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29614"
    },
    {
      "name": "CVE-2021-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1785"
    },
    {
      "name": "CVE-2021-1818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1818"
    },
    {
      "name": "CVE-2021-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1782"
    },
    {
      "name": "CVE-2021-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1793"
    },
    {
      "name": "CVE-2020-29633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29633"
    },
    {
      "name": "CVE-2021-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1751"
    },
    {
      "name": "CVE-2021-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
    },
    {
      "name": "CVE-2020-29608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29608"
    },
    {
      "name": "CVE-2021-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1791"
    },
    {
      "name": "CVE-2021-1871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1871"
    },
    {
      "name": "CVE-2021-1801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1801"
    },
    {
      "name": "CVE-2021-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1783"
    },
    {
      "name": "CVE-2021-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1870"
    },
    {
      "name": "CVE-2020-27938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27938"
    },
    {
      "name": "CVE-2021-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1767"
    },
    {
      "name": "CVE-2021-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1771"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1802"
    },
    {
      "name": "CVE-2021-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1747"
    },
    {
      "name": "CVE-2021-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1790"
    },
    {
      "name": "CVE-2021-1765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1765"
    },
    {
      "name": "CVE-2021-1799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1799"
    },
    {
      "name": "CVE-2021-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1746"
    },
    {
      "name": "CVE-2021-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1754"
    },
    {
      "name": "CVE-2021-1772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1772"
    },
    {
      "name": "CVE-2021-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1776"
    },
    {
      "name": "CVE-2021-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1753"
    },
    {
      "name": "CVE-2021-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1741"
    },
    {
      "name": "CVE-2021-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1750"
    },
    {
      "name": "CVE-2021-1744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1744"
    },
    {
      "name": "CVE-2021-1742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1742"
    },
    {
      "name": "CVE-2021-1760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1760"
    },
    {
      "name": "CVE-2020-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
    },
    {
      "name": "CVE-2021-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1757"
    },
    {
      "name": "CVE-2020-25709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2021-1768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1768"
    },
    {
      "name": "CVE-2021-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1774"
    },
    {
      "name": "CVE-2021-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1769"
    },
    {
      "name": "CVE-2021-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1759"
    },
    {
      "name": "CVE-2021-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1763"
    },
    {
      "name": "CVE-2021-1779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1779"
    },
    {
      "name": "CVE-2021-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1758"
    },
    {
      "name": "CVE-2020-27945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27945"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-072",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212152 du 01 f\u00e9vrier 2021",
      "url": "https://support.apple.com/fr-fr/HT212152"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212147 du 01 f\u00e9vrier 2021",
      "url": "https://support.apple.com/fr-fr/HT212147"
    }
  ]
}

VAR-202104-0178

Vulnerability from variot - Updated: 2023-12-18 11:26

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. macOS Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Power Management is a power management program for Apple devices of Apple Inc. in the United States. A security vulnerability exists in Apple Power Management that could allow a local application to escalate privileges on the system. The following products and versions are affected: macOS: 10.3, 10.12.4, 10.12.5, 10.12.6, 10.12.6.2, 10.13, 10.13.1, 10.13.2, 10.13.3, 10.13.4, 10.13.5, 10.13 .6, 10.14, 10.14.1, 10.14.2, 10.14.3, 10.14.4, 10.14.5, 10.14.6, 10.15, 10.15 SU1, 10.15.1, 10.15.2, 10.15.3, 10.15.4, 10.15.4 SU1, 10.15.5, 10.15.5 SU1, 10.15.6, 10.15.6 SU1, 10.15.7, 10.15.7 SU1. Information about the security content is also available at https://support.apple.com/HT212147. CVE-2021-1761: Cees Elzinga

APFS Available for: macOS Big Sur 11.0.1 Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann

CFNetwork Cache Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team

CoreAnimation Available for: macOS Big Sur 11.0.1 Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed with improved state management. CVE-2021-1760: @S0rryMybad of 360 Vulcan Team

CoreAudio Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1776: Ivan Fratric of Google Project Zero

CoreMedia Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

CoreText Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative

CoreText Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative

Crash Reporter Available for: macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response Center

FairPlay Available for: macOS Big Sur 11.0.1 Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative

FontParser Available for: macOS Catalina 10.15.7 Impact: Processing a maliciously crafted font may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs

FontParser Available for: macOS Mojave 10.14.6 Impact: Processing a maliciously crafted font may lead to arbitrary code execution Description: This issue was addressed by removing the vulnerable code. CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro

FontParser Available for: macOS Mojave 10.14.6 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab

FontParser Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1758: Peter Nguyen of STAR Labs

ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An access issue was addressed with improved memory management. CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light- Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to a denial of service Description: An out-of-bounds read issue existed in the curl. CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1766: Danny Rosseau of Carve Systems

ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab

ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1738: Lei Sun CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab

IOKit Available for: macOS Big Sur 11.0.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A logic error in kext loading was addressed with improved state handling. CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security

IOSkywalkFamily Available for: macOS Big Sur 11.0.1 Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security, Proteas

Kernel Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

Kernel Available for: macOS Big Sur 11.0.1 Impact: A remote attacker may be able to cause a denial of service Description: A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782: an anonymous researcher

Kernel Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple issues were addressed with improved logic. CVE-2020-29633: Jewel Lambert of Original Spin, LLC. CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)

Model I/O Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1762: Mickey Jin of Trend Micro

Model I/O Available for: macOS Catalina 10.15.7 Impact: Processing a maliciously crafted file may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted image may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative

NetFSFramework Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan

Screen Sharing Available for: macOS Big Sur 11.0.1 Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.44. CVE-2019-20838 CVE-2020-14155

SQLite Available for: macOS Catalina 10.15.7 Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358

Swift Available for: macOS Big Sur 11.0.1 Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs

WebKit Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1788: Francisco Alonso (@revskills)

WebKit Available for: macOS Big Sur 11.0.1 Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1765: Eliya Stein of Confiant CVE-2021-1801: Eliya Stein of Confiant

WebKit Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-1789: @S0rryMybad of 360 Vulcan Team

WebKit Available for: macOS Big Sur 11.0.1 Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher

WebRTC Available for: macOS Big Sur 11.0.1 Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar

Additional recognition

Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.

libpthread We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.

Mail Drafts We would like to acknowledge Jon Bottarini of HackerOne for their assistance.

Screen Sharing Server We would like to acknowledge @gorelics for their assistance.

WebRTC We would like to acknowledge Philipp Hancke for their assistance.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6 jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2 X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc 3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL 2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC 3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA= =mUkG -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0178",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.1.0"
      },
      {
        "model": "apple mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "apple mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "11.2.0"
      },
      {
        "model": "apple mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "11.1.0"
      },
      {
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27938"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27938"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-27938",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-27938",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-372049",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-27938",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-27938",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-123",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-372049",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-27938",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372049"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. macOS Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Power Management is a power management program for Apple devices of Apple Inc. in the United States. A security vulnerability exists in Apple Power Management that could allow a local application to escalate privileges on the system. The following products and versions are affected: macOS: 10.3, 10.12.4, 10.12.5, 10.12.6, 10.12.6.2, 10.13, 10.13.1, 10.13.2, 10.13.3, 10.13.4, 10.13.5, 10.13 .6, 10.14, 10.14.1, 10.14.2, 10.14.3, 10.14.4, 10.14.5, 10.14.6, 10.15, 10.15 SU1, 10.15.1, 10.15.2, 10.15.3, 10.15.4, 10.15.4 SU1, 10.15.5, 10.15.5 SU1, 10.15.6, 10.15.6 SU1, 10.15.7, 10.15.7 SU1. Information\nabout the security content is also available at\nhttps://support.apple.com/HT212147. \nCVE-2021-1761: Cees Elzinga\n\nAPFS\nAvailable for: macOS Big Sur 11.0.1\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\n\nCFNetwork Cache\nAvailable for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team\n\nCoreAnimation\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\n\nCoreAudio\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1776: Ivan Fratric of Google Project Zero\n\nCoreMedia\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\n\nCoreText\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A stack overflow was addressed with improved input\nvalidation. \nCVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro\u2019s\nZero Day Initiative\n\nCoreText\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1792: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative\n\nCrash Reporter\nAvailable for: macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response\nCenter\n\nFairPlay\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun \u0026 Mickey Jin of Trend\nMicro working with Trend Micro\u2019s Zero Day Initiative\n\nFontParser\nAvailable for: macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted font may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs\n\nFontParser\nAvailable for: macOS Mojave 10.14.6\nImpact: Processing a maliciously crafted font may lead to arbitrary\ncode execution\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro\n\nFontParser\nAvailable for: macOS Mojave 10.14.6\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab\n\nFontParser\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1758: Peter Nguyen of STAR Labs\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1743: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative, Xingwei Lin of Ant Security Light-\nYear Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An out-of-bounds read issue existed in the curl. \nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1766: Danny Rosseau of Carve Systems\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1746: Mickey Jin \u0026 Qi Sun of Trend Micro, Xingwei Lin of Ant\nSecurity Light-Year Lab\nCVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1738: Lei Sun\nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\n\nIOKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A logic error in kext loading was addressed with\nimproved state handling. \nCVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security\n\nIOSkywalkFamily\nAvailable for: macOS Big Sur 11.0.1\nImpact: A local attacker may be able to elevate their privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security,\nProteas\n\nKernel\nAvailable for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue existed resulting in memory corruption. \nCVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKernel\nAvailable for: macOS Big Sur 11.0.1\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A use after free issue was addressed with improved\nmemory management. \nApple is aware of a report that this issue may have been actively\nexploited. \nCVE-2021-1782: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2020-29633: Jewel Lambert of Original Spin, LLC. \nCVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1762: Mickey Jin of Trend Micro\n\nModel I/O\nAvailable for: macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: This issue was addressed with improved checks. \nCVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro\u2019s\nZero Day Initiative\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1767: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1745: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro\u2019s\nZero Day Initiative\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1768: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative\n\nNetFSFramework\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan\n\nScreen Sharing\nAvailable for: macOS Big Sur 11.0.1\nImpact: Multiple issues in pcre\nDescription: Multiple issues were addressed by updating to version\n8.44. \nCVE-2019-20838\nCVE-2020-14155\n\nSQLite\nAvailable for: macOS Catalina 10.15.7\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating SQLite to\nversion 3.32.3. \nCVE-2020-15358\n\nSwift\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\n\nWebKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1788: Francisco Alonso (@revskills)\n\nWebKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: Maliciously crafted web content may violate iframe sandboxing\npolicy\nDescription: This issue was addressed with improved iframe sandbox\nenforcement. \nCVE-2021-1765: Eliya Stein of Confiant\nCVE-2021-1801: Eliya Stein of Confiant\n\nWebKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\n\nWebKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: A remote attacker may be able to cause arbitrary code\nexecution. Apple is aware of a report that this issue may have been\nactively exploited. \nCVE-2021-1871: an anonymous researcher\nCVE-2021-1870: an anonymous researcher\n\nWebRTC\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A port redirection issue was addressed with additional\nport validation. \nCVE-2021-1799: Gregory Vishnepolsky \u0026 Ben Seri of Armis Security, and\nSamy Kamkar\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin \u0026 Jesse\nChange of Trend Micro for their assistance. \n\nlibpthread\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year\nLabs for their assistance. \n\nLogin Window\nWe would like to acknowledge Jose Moises Romero-Villanueva of\nCrySolve for their assistance. \n\nMail Drafts\nWe would like to acknowledge Jon Bottarini of HackerOne for their\nassistance. \n\nScreen Sharing Server\nWe would like to acknowledge @gorelics for their assistance. \n\nWebRTC\nWe would like to acknowledge Philipp Hancke for their assistance. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6\njjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc\nD9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi\nGGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2\nX0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc\n3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr\noGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk\nodYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek\nbBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL\n2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC\n3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M\niqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA=\n=mUkG\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-372049"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27938"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      }
    ],
    "trust": 1.89
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-372049",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372049"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-27938",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "161245",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95288122",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0349",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-372049",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27938",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372049"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ]
  },
  "id": "VAR-202104-0178",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372049"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:26:55.341000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT212011 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht212011"
      },
      {
        "title": "Apple Power Management Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140335"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "Improper authority management (CWE-269) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27938"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212011"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212147"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27938"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95288122/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161245/apple-security-advisory-2021-02-01-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0349/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/269.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2021/feb/14"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1742"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1757"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1753"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1751"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1744"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212147."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29633"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1754"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27904"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29608"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1745"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1743"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1758"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29614"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1746"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1747"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1741"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372049"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-372049"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372049"
      },
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-27938"
      },
      {
        "date": "2022-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "date": "2021-02-02T16:06:51",
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "date": "2021-04-02T18:15:16.310000",
        "db": "NVD",
        "id": "CVE-2020-27938"
      },
      {
        "date": "2021-02-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372049"
      },
      {
        "date": "2021-04-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-27938"
      },
      {
        "date": "2022-09-07T06:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      },
      {
        "date": "2021-04-07T15:16:00.217000",
        "db": "NVD",
        "id": "CVE-2020-27938"
      },
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "macOS\u00a0 Vulnerability in privilege management in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-017317"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-123"
      }
    ],
    "trust": 0.6
  }
}

GHSA-V3Q2-56H4-5753

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-27938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-02T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.",
  "id": "GHSA-v3q2-56h4-5753",
  "modified": "2022-05-24T17:46:10Z",
  "published": "2022-05-24T17:46:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27938"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212011"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-27938 (GCVE-0-2020-27938)

GSD-2020-27938

FKIE_CVE-2020-27938

CERTFR-2021-AVI-072

Solution

CERTFR-2021-AVI-072

Solution

VAR-202104-0178

GHSA-V3Q2-56H4-5753

Tags

Sightings

Nomenclature