var-202109-0817
Vulnerability from variot
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service. iOS and macOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Information about the security content is also available at https://support.apple.com/HT212600.
AMD Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30805: ABC Research s.r.o
AppKit Available for: macOS Catalina Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative
Audio Available for: macOS Catalina Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e
Bluetooth Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30672: say2 of ENKI
CoreAudio Available for: macOS Catalina Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: macOS Catalina Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab
CoreStorage Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: An injection issue was addressed with improved validation. CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
CoreText Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Sunglin of Knownsec 404 team, Mickey Jin (@patch1t) of Trend Micro
CoreText Available for: macOS Catalina Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30733: Sunglin from the Knownsec 404
CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications
dyld Available for: macOS Catalina Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de)
FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team
FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative
FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative
ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: Mickey Jin (@patch1t) of Trend Micro, CFF of Topsec Alpha Team
Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30765: Liu Long of Ant Security Light-Year Lab CVE-2021-30766: Liu Long of Ant Security Light-Year Lab
IOUSBHostFamily Available for: macOS Catalina Impact: An unprivileged application may be able to capture USB devices Description: This issue was addressed with improved checks. CVE-2021-30731: UTM (@UTMapp)
Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A double free issue was addressed with improved memory management. CVE-2021-30703: an anonymous researcher
Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab
LaunchServices Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan)
LaunchServices Available for: macOS Catalina Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improved access restrictions. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro
Sandbox Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved checks. CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security
WebKit Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero
Additional recognition
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
CoreServices We would like to acknowledge Zhongcheng Li (CK01) for their assistance.
CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
Crash Reporter We would like to acknowledge Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University for their assistance.
crontabs We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
IOKit We would like to acknowledge George Nosenko for their assistance.
Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8cACgkQZcsbuWJ6 jjABdhAAirmXHOsGrxcCNUBGKp5vqFtTyyfgzZIqg5GE3uMS7+l08XUgh32opEHX qyAUtECbsBUZVTWYRDH1tFOIMU/BpVWZ1w4BOcg6cYTXSdDBqz57VUo71ivjsn4s MspZ+0so2nLhO2ZwnejQA1tFVH8s2DtScCzYiGjlu/bK61Nozu8E7LzHSksUn/Vp /68FMaYO8qmRkIZp68n6Avid+pfP8XAcBVuQtlttGX98JFN76u/uH9CuVk64r2Mp g2o5/Dw15OAOREOTwbcCxSoncHtUoEBSGykxJNRRnAC3zxPndHASA3uM7Ez5ubaa z9+LrMGXWnbWgOT9y1FSu6vtDDRgd37+syONU9Z2WlHs9nNpo+g2FzIl5/f6twgv 8npMDuCvwtg+I/lXEZBX/AobNq+/OXZDeRtEjeTBzy+gw4I74pkJajg3HwaxTLRV d+3hsWyQp1tRoeSMC/OErVLrpsV8FmXJyIEeZoaD2jliobz4/6km9CH6VimfPqGJ ZMQkX/m5yt3OqFXSh6i3ZWjXDRiqw2rVvLa2Ya8Me1PFmroRxj56AuelRM5+J9LG bBIsV87A+7J44q01OT0hy7JX/mg2wYcUKNglz7iNeeffbOTnDXlI+pP12gPKDkDW AT2oWHVljBg8aRBVSFB0wu5jctIWjQysbEQCnIDWiPWd4GVSOSs=agRk -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0817", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14.2" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.5" }, { "model": "macos", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "11.0" }, { "model": "apple mac os x", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "macos", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "ios", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "macos", "scope": null, "trust": 0.7, "vendor": "apple", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-948" }, { "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "db": "NVD", "id": "CVE-2021-30796" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.4:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-004:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.6:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.6:supplemental_update:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5", "versionStartIncluding": "11.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30796" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mickey Jin (@patch1t) of Trend Micro", "sources": [ { "db": "ZDI", "id": "ZDI-21-948" }, { "db": "CNNVD", "id": "CNNVD-202107-1650" } ], "trust": 1.3 }, "cve": "CVE-2021-30796", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-30796", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-390529", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-30796", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-30796", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-30796", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-30796", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-1650", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-390529", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-948" }, { "db": "VULHUB", "id": "VHN-390529" }, { "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "db": "NVD", "id": "CVE-2021-30796" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1650" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service. iOS and macOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212600. \n\nAMD Kernel\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2021-30805: ABC Research s.r.o\n\nAppKit\nAvailable for: macOS Catalina\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2021-30790: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nAudio\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30781: tr3e\n\nBluetooth\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30672: say2 of ENKI\n\nCoreAudio\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Catalina\nImpact: Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab\n\nCoreStorage\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to gain root privileges\nDescription: An injection issue was addressed with improved\nvalidation. \nCVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video\nCommunications and Gary Nield of ECSC Group plc\n\nCoreText\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30789: Sunglin of Knownsec 404 team, Mickey Jin (@patch1t)\nof Trend Micro\n\nCoreText\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30733: Sunglin from the Knownsec 404\n\nCVMS\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to gain root privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video\nCommunications\n\ndyld\nAvailable for: macOS Catalina\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30768: Linus Henze (pinauten.de)\n\nFontParser\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2021-30760: Sunglin of Knownsec 404 team\n\nFontParser\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A stack overflow was addressed with improved input\nvalidation. \nCVE-2021-30759: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nFontParser\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted tiff file may lead to a\ndenial-of-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-30785: Mickey Jin (@patch1t) of Trend Micro, CFF of Topsec\nAlpha Team\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2021-30787: Anonymous working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-30765: Liu Long of Ant Security Light-Year Lab\nCVE-2021-30766: Liu Long of Ant Security Light-Year Lab\n\nIOUSBHostFamily\nAvailable for: macOS Catalina\nImpact: An unprivileged application may be able to capture USB\ndevices\nDescription: This issue was addressed with improved checks. \nCVE-2021-30731: UTM (@UTMapp)\n\nKernel\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-30703: an anonymous researcher\n\nKernel\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong\nLab\n\nLaunchServices\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2021-30677: Ron Waisberg (@epsilan)\n\nLaunchServices\nAvailable for: macOS Catalina\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro\n\nSandbox\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security\n\nWebKit\nAvailable for: macOS Catalina\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30799: Sergei Glazunov of Google Project Zero\n\nAdditional recognition\n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nCoreServices\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \n\nCoreText\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nCrash Reporter\nWe would like to acknowledge Yizhuo Wang of Group of Software\nSecurity In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University\nfor their assistance. \n\ncrontabs\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nIOKit\nWe would like to acknowledge George Nosenko for their assistance. \n\nSpotlight\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8cACgkQZcsbuWJ6\njjABdhAAirmXHOsGrxcCNUBGKp5vqFtTyyfgzZIqg5GE3uMS7+l08XUgh32opEHX\nqyAUtECbsBUZVTWYRDH1tFOIMU/BpVWZ1w4BOcg6cYTXSdDBqz57VUo71ivjsn4s\nMspZ+0so2nLhO2ZwnejQA1tFVH8s2DtScCzYiGjlu/bK61Nozu8E7LzHSksUn/Vp\n/68FMaYO8qmRkIZp68n6Avid+pfP8XAcBVuQtlttGX98JFN76u/uH9CuVk64r2Mp\ng2o5/Dw15OAOREOTwbcCxSoncHtUoEBSGykxJNRRnAC3zxPndHASA3uM7Ez5ubaa\nz9+LrMGXWnbWgOT9y1FSu6vtDDRgd37+syONU9Z2WlHs9nNpo+g2FzIl5/f6twgv\n8npMDuCvwtg+I/lXEZBX/AobNq+/OXZDeRtEjeTBzy+gw4I74pkJajg3HwaxTLRV\nd+3hsWyQp1tRoeSMC/OErVLrpsV8FmXJyIEeZoaD2jliobz4/6km9CH6VimfPqGJ\nZMQkX/m5yt3OqFXSh6i3ZWjXDRiqw2rVvLa2Ya8Me1PFmroRxj56AuelRM5+J9LG\nbBIsV87A+7J44q01OT0hy7JX/mg2wYcUKNglz7iNeeffbOTnDXlI+pP12gPKDkDW\nAT2oWHVljBg8aRBVSFB0wu5jctIWjQysbEQCnIDWiPWd4GVSOSs=agRk\n-----END PGP SIGNATURE-----\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2021-30796" }, { "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "db": "ZDI", "id": "ZDI-21-948" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-390529" }, { "db": "VULMON", "id": "CVE-2021-30796" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-30796", "trust": 4.3 }, { "db": "ZDI", "id": "ZDI-21-948", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2021-013571", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-14011", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163647", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072231", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072219", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2485.2", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-1650", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-390529", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-30796", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163649", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-948" }, { "db": "VULHUB", "id": "VHN-390529" }, { "db": "VULMON", "id": "CVE-2021-30796" }, { "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" }, { "db": "NVD", "id": "CVE-2021-30796" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1650" } ] }, "id": "VAR-202109-0817", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-390529" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:48:18.009000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT212602 Apple\u00a0 Security update", "trust": 0.8, "url": "https://support.apple.com/en-us/ht212600" }, { "title": "Apple has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://support.apple.com/en-us/ht212602" }, { "title": "Apple macOS Big Sur Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158811" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-948" }, { "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "db": "CNNVD", "id": "CNNVD-202107-1650" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "db": "NVD", "id": "CVE-2021-30796" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://support.apple.com/en-us/ht212602" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212600" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212601" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212603" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30796" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163647/apple-security-advisory-2021-07-21-3.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072219" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35970" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2485.2" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-948/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30781" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30777" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30793" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30733" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30790" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30788" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30787" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30766" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30765" }, { "trust": 0.2, "url": "https://support.apple.com/downloads/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30672" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30805" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30780" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30759" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30703" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30782" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30760" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30677" }, { "trust": 0.2, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783" }, { "trust": 0.1, "url": "http://seclists.org/fulldisclosure/2021/jul/56" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30768" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30776" }, { "trust": 0.1, "url": "https://support.apple.com/ht212600." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30731" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30785" }, { "trust": 0.1, "url": "https://support.apple.com/ht212603." } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-948" }, { "db": "VULHUB", "id": "VHN-390529" }, { "db": "VULMON", "id": "CVE-2021-30796" }, { "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" }, { "db": "NVD", "id": "CVE-2021-30796" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1650" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-21-948" }, { "db": "VULHUB", "id": "VHN-390529" }, { "db": "VULMON", "id": "CVE-2021-30796" }, { "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" }, { "db": "NVD", "id": "CVE-2021-30796" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1650" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-05T00:00:00", "db": "ZDI", "id": "ZDI-21-948" }, { "date": "2021-09-08T00:00:00", "db": "VULHUB", "id": "VHN-390529" }, { "date": "2022-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "date": "2021-07-23T15:30:33", "db": "PACKETSTORM", "id": "163647" }, { "date": "2021-07-23T15:31:52", "db": "PACKETSTORM", "id": "163649" }, { "date": "2021-09-08T14:15:11.660000", "db": "NVD", "id": "CVE-2021-30796" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1650" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-05T00:00:00", "db": "ZDI", "id": "ZDI-21-948" }, { "date": "2021-09-16T00:00:00", "db": "VULHUB", "id": "VHN-390529" }, { "date": "2022-09-16T03:25:00", "db": "JVNDB", "id": "JVNDB-2021-013571" }, { "date": "2021-09-16T14:47:03.117000", "db": "NVD", "id": "CVE-2021-30796" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1650" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-1650" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "iOS\u00a0 and \u00a0macOS\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013571" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.