var-202108-1057
Vulnerability from variot
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple's iPadOS Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Information about the security content is also available at https://support.apple.com/HT212804. CVE-2021-30860: The Citizen Lab
CUPS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021
CUPS Available for: macOS Big Sur Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021
CUPS Available for: macOS Big Sur Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-30829: an anonymous researcher Entry added September 20, 2021
curl Available for: macOS Big Sur Impact: curl could potentially reveal sensitive internal information to the server using a clear-text network protocol Description: A buffer overflow was addressed with improved input validation. CVE-2021-22925 Entry added September 20, 2021
CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro Entry added September 20, 2021
FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021
Gatekeeper Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. CVE-2021-30847: Mike Zhang of Pangu Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30830: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30865: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-30859: Apple Entry added September 20, 2021
libexpat Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021
Preferences Available for: macOS Big Sur Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021
Sandbox Available for: macOS Big Sur Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021
SMB Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021
SMB Available for: macOS Big Sur Impact: A remote attacker may be able to leak memory Description: A logic issue was addressed with improved state management. CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management. CVE-2021-30858: an anonymous researcher
Additional recognition
APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance. Entry added September 20, 2021
App Support We would like to acknowledge @CodeColorist, an anonymous researcher for their assistance. Entry added September 20, 2021
CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021
CUPS We would like to acknowledge an anonymous researcher for their assistance. Entry added September 20, 2021
Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Entry added September 20, 2021
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added September 20, 2021
smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B +CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4 5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv 4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9 4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3 85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw= =9bjT -----END PGP SIGNATURE-----
. CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-21
https://security.gentoo.org/
Severity: High Title: Poppler: Arbitrary Code Execution Date: September 29, 2022 Bugs: #867958 ID: 202209-21
Synopsis
A vulnerability has been discovered in Poppler which could allow for arbitrary code execution.
Background
Poppler is a PDF rendering library based on the xpdf-3.0 code base.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/poppler < 22.09.0 >= 22.09.0
Description
Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details.
Workaround
Avoid opening untrusted PDFs.
Resolution
All Poppler users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/poppler-22.09.0"
References
[ 1 ] CVE-2021-30860 https://nvd.nist.gov/vuln/detail/CVE-2021-30860 [ 2 ] CVE-2022-38784 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-21
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1057", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.15" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.15.7" }, { "model": "poppler", "scope": "lt", "trust": 1.0, "vendor": "freedesktop", "version": "22.09.0" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.6" }, { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.8" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.5.5" }, { "model": "iphone os", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "xpdf", "scope": "lt", "trust": 1.0, "vendor": "xpdfreader", "version": "4.04" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.8" }, { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.6.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.7" }, { "model": "ipados", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "xpdf", "scope": null, "trust": 0.8, "vendor": "glyph cog", "version": null }, { "model": "macos", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "poppler", "scope": null, "trust": 0.8, "vendor": "freedesktop", "version": null }, { "model": "ios", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "apple mac os x", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "watchos", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": "7.6.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "db": "NVD", "id": "CVE-2021-30860" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.15.7", "versionStartIncluding": "10.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.6.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.8", "versionStartIncluding": "13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.5.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.04", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.09.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30860" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "164249" }, { "db": "PACKETSTORM", "id": "164246" }, { "db": "PACKETSTORM", "id": "164197" }, { "db": "PACKETSTORM", "id": "164196" }, { "db": "PACKETSTORM", "id": "164194" }, { "db": "PACKETSTORM", "id": "164277" } ], "trust": 0.6 }, "cve": "CVE-2021-30860", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-30860", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-390593", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-30860", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-30860", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202108-2136", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-390593", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-30860", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-390593" }, { "db": "VULMON", "id": "CVE-2021-30860" }, { "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "db": "CNNVD", "id": "CNNVD-202108-2136" }, { "db": "NVD", "id": "CVE-2021-30860" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple\u0027s iPadOS Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212804. \nCVE-2021-30860: The Citizen Lab\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-30829: an anonymous researcher\nEntry added September 20, 2021\n\ncurl\nAvailable for: macOS Big Sur\nImpact: curl could potentially reveal sensitive internal information\nto the server using a clear-text network protocol\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro\nEntry added September 20, 2021\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nGatekeeper\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks. \nCVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. \nCVE-2021-30847: Mike Zhang of Pangu Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30830: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30865: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A user may gain access to protected parts of the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to leak memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30858: an anonymous researcher\n\nAdditional recognition\n\nAPFS\nWe would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. \nfor their assistance. \nEntry added September 20, 2021\n\nApp Support\nWe would like to acknowledge @CodeColorist, an anonymous researcher\nfor their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \nEntry added September 20, 2021\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added September 20, 2021\n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY\neJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B\n+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4\n5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv\n4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD\nt6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn\nbwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu\nR7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC\nNlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9\n4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3\n85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=\n=9bjT\n-----END PGP SIGNATURE-----\n\n\n\n. \nCVE-2021-30869: Erye Hernandez of Google Threat Analysis Group,\nCl\u00e9ment Lecigne of Google Threat Analysis Group, and Ian Beer of\nGoogle Project Zero\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-21\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Poppler: Arbitrary Code Execution\n Date: September 29, 2022\n Bugs: #867958\n ID: 202209-21\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nA vulnerability has been discovered in Poppler which could allow for\narbitrary code execution. \n\nBackground\n=========\nPoppler is a PDF rendering library based on the xpdf-3.0 code base. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/poppler \u003c 22.09.0 \u003e= 22.09.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Poppler. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n=========\nAvoid opening untrusted PDFs. \n\nResolution\n=========\nAll Poppler users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/poppler-22.09.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30860\n https://nvd.nist.gov/vuln/detail/CVE-2021-30860\n[ 2 ] CVE-2022-38784\n https://nvd.nist.gov/vuln/detail/CVE-2022-38784\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-21\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2021-30860" }, { "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "db": "VULHUB", "id": "VHN-390593" }, { "db": "VULMON", "id": "CVE-2021-30860" }, { "db": "PACKETSTORM", "id": "164249" }, { "db": "PACKETSTORM", "id": "164246" }, { "db": "PACKETSTORM", "id": "164197" }, { "db": "PACKETSTORM", "id": "164196" }, { "db": "PACKETSTORM", "id": "164194" }, { "db": "PACKETSTORM", "id": "164277" }, { "db": "PACKETSTORM", "id": "168573" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-30860", "trust": 4.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2022/09/02/11", "trust": 2.6 }, { "db": "PACKETSTORM", "id": "168573", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-021228", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164249", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164197", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164277", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3099.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021091321", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021092317", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202108-2136", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-390593", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-30860", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164246", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164196", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164194", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390593" }, { "db": "VULMON", "id": "CVE-2021-30860" }, { "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "db": "PACKETSTORM", "id": "164249" }, { "db": "PACKETSTORM", "id": "164246" }, { "db": "PACKETSTORM", "id": "164197" }, { "db": "PACKETSTORM", "id": "164196" }, { "db": "PACKETSTORM", "id": "164194" }, { "db": "PACKETSTORM", "id": "164277" }, { "db": "PACKETSTORM", "id": "168573" }, { "db": "CNNVD", "id": "CNNVD-202108-2136" }, { "db": "NVD", "id": "CVE-2021-30860" } ] }, "id": "VAR-202108-1057", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-390593" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:18:34.526000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT212807 Apple\u00a0 Security update", "trust": 0.8, "url": "https://www.freedesktop.org/wiki/" }, { "title": "Apple macOS Big Sur Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=162839" }, { "title": "Table of Contents\nTools\nEducational\nSimilar Lists\nContributing", "trust": 0.1, "url": "https://github.com/ex0dus-0x/awesome-rust-security " }, { "title": "CVE-2021-30860", "trust": 0.1, "url": "https://github.com/levilutz/cve-2021-30860 " }, { "title": "Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB \u0026 CVE-2021-30860 exploit(s)", "trust": 0.1, "url": "https://github.com/30440r/gex " }, { "title": "ELEGANTBOUNCER", "trust": 0.1, "url": "https://github.com/msuiche/elegant-bouncer " }, { "title": "https://github.com/octane23/CASE-STUDY-1", "trust": 0.1, "url": "https://github.com/octane23/case-study-1 " }, { "title": "https://github.com/houjingyi233/macOS-iOS-system-security", "trust": 0.1, "url": "https://github.com/houjingyi233/macos-ios-system-security " }, { "title": "https://github.com/houjingyi233/macos-ios-exploit-writeup", "trust": 0.1, "url": "https://github.com/houjingyi233/macos-ios-exploit-writeup " }, { "title": "CVE-T4PDF\nTable of contents\nList of CVEs\nList of Techniques", "trust": 0.1, "url": "https://github.com/0xcybery/cve-t4pdf " }, { "title": "PoC in GitHub", "trust": 0.1, "url": "https://github.com/soosmile/poc " }, { "title": "Known Exploited Vulnerabilities Detector", "trust": 0.1, "url": "https://github.com/ostorlab/kev " }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2021/12/17/cyber_spying_firms_facebook_meta/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2021/09/13/apple_ios_macos_security_fixes/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2022/04/20/google_zero_days/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2022/02/11/apple_emergency_webkit/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-30860" }, { "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "db": "CNNVD", "id": "CNNVD-202108-2136" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 }, { "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390593" }, { "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "db": "NVD", "id": "CVE-2021-30860" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://security.gentoo.org/glsa/202209-21" }, { "trust": 2.6, "url": "http://seclists.org/fulldisclosure/2021/sep/25" }, { "trust": 2.6, "url": "http://seclists.org/fulldisclosure/2021/sep/26" }, { "trust": 2.6, "url": "http://seclists.org/fulldisclosure/2021/sep/27" }, { "trust": 2.6, "url": "http://seclists.org/fulldisclosure/2021/sep/28" }, { "trust": 2.6, "url": "http://seclists.org/fulldisclosure/2021/sep/38" }, { "trust": 2.6, "url": "http://seclists.org/fulldisclosure/2021/sep/39" }, { "trust": 2.6, "url": "http://seclists.org/fulldisclosure/2021/sep/40" }, { "trust": 2.6, "url": "http://seclists.org/fulldisclosure/2021/sep/50" }, { "trust": 2.6, "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "trust": 2.4, "url": "https://support.apple.com/en-us/ht212805" }, { "trust": 1.9, "url": "https://support.apple.com/en-us/ht212807" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212824" }, { "trust": 1.8, "url": "https://support.apple.com/en-us/ht212804" }, { "trust": 1.8, "url": "https://support.apple.com/en-us/ht212806" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860" }, { "trust": 0.8, "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.6, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021092317" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168573/gentoo-linux-security-advisory-202209-21.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164249/apple-security-advisory-2021-09-20-8.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-macos-two-vulnerabilities-36384" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3102" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164277/apple-security-advisory-2021-09-23-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3212" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3099.2" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164197/apple-security-advisory-2021-09-13-4.html" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212824" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021091321" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828" }, { "trust": 0.2, "url": "https://support.apple.com/ht212805." }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844" }, { "trust": 0.2, "url": "https://support.apple.com/downloads/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842" }, { "trust": 0.2, "url": "https://support.apple.com/ht212804." }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/190.html" }, { "trust": 0.1, "url": "https://github.com/ex0dus-0x/awesome-rust-security" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30845" }, { "trust": 0.1, "url": "https://support.apple.com/ht212807." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30869" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://support.apple.com/ht212824." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38784" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "VULHUB", "id": "VHN-390593" }, { "db": "VULMON", "id": "CVE-2021-30860" }, { "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "db": "PACKETSTORM", "id": "164249" }, { "db": "PACKETSTORM", "id": "164246" }, { "db": "PACKETSTORM", "id": "164197" }, { "db": "PACKETSTORM", "id": "164196" }, { "db": "PACKETSTORM", "id": "164194" }, { "db": "PACKETSTORM", "id": "164277" }, { "db": "PACKETSTORM", "id": "168573" }, { "db": "CNNVD", "id": "CNNVD-202108-2136" }, { "db": "NVD", "id": "CVE-2021-30860" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-390593" }, { "db": "VULMON", "id": "CVE-2021-30860" }, { "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "db": "PACKETSTORM", "id": "164249" }, { "db": "PACKETSTORM", "id": "164246" }, { "db": "PACKETSTORM", "id": "164197" }, { "db": "PACKETSTORM", "id": "164196" }, { "db": "PACKETSTORM", "id": "164194" }, { "db": "PACKETSTORM", "id": "164277" }, { "db": "PACKETSTORM", "id": "168573" }, { "db": "CNNVD", "id": "CNNVD-202108-2136" }, { "db": "NVD", "id": "CVE-2021-30860" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-24T00:00:00", "db": "VULHUB", "id": "VHN-390593" }, { "date": "2021-08-24T00:00:00", "db": "VULMON", "id": "CVE-2021-30860" }, { "date": "2024-07-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "date": "2021-09-22T16:35:10", "db": "PACKETSTORM", "id": "164249" }, { "date": "2021-09-22T16:33:18", "db": "PACKETSTORM", "id": "164246" }, { "date": "2021-09-19T18:11:11", "db": "PACKETSTORM", "id": "164197" }, { "date": "2021-09-19T14:22:22", "db": "PACKETSTORM", "id": "164196" }, { "date": "2021-09-18T13:22:22", "db": "PACKETSTORM", "id": "164194" }, { "date": "2021-09-24T15:40:03", "db": "PACKETSTORM", "id": "164277" }, { "date": "2022-09-30T14:56:06", "db": "PACKETSTORM", "id": "168573" }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-2136" }, { "date": "2021-08-24T19:15:14.370000", "db": "NVD", "id": "CVE-2021-30860" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-30T00:00:00", "db": "VULHUB", "id": "VHN-390593" }, { "date": "2024-02-02T00:00:00", "db": "VULMON", "id": "CVE-2021-30860" }, { "date": "2024-07-19T07:32:00", "db": "JVNDB", "id": "JVNDB-2021-021228" }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-2136" }, { "date": "2024-02-02T03:08:54.213000", "db": "NVD", "id": "CVE-2021-30860" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-2136" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "apple\u0027s \u00a0iPadOS\u00a0 Integer overflow vulnerability in products from multiple vendors", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-021228" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "overflow, code execution", "sources": [ { "db": "PACKETSTORM", "id": "164249" }, { "db": "PACKETSTORM", "id": "164246" }, { "db": "PACKETSTORM", "id": "164197" }, { "db": "PACKETSTORM", "id": "164196" }, { "db": "PACKETSTORM", "id": "164194" }, { "db": "PACKETSTORM", "id": "164277" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.