var-202109-1407
Vulnerability from variot
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. macOS has an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Macos: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19d76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15. 5 19F101, 10.15.6 19G73, 10.15.6 19G2021, 10.15.7 19H2, 10.15.7 19H4, 10.15.7 19H15, 10.15.7 19H114, 10.15.7 19H512, 10.15.7 19H524, 10.15.7 19H1030, 10.15. 7 19H1217. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-07-21-2 macOS Big Sur 11.5
macOS Big Sur 11.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212602.
AMD Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30805: ABC Research s.r.o
AppKit Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative
Audio Available for: macOS Big Sur Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e
AVEVideoEncoder Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30748: George Nosenko
CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: macOS Big Sur Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30786: ryuzaki
CoreServices Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2021-30783: Ron Waisberg (@epsilan)
CoreStorage Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: An injection issue was addressed with improved validation. CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team
Crash Reporter Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University
CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications
dyld Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de)
FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team
FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative
FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative
Identity Services Available for: macOS Big Sur Impact: A malicious application may be able to access a user’s recent Contacts Description: A permissions issue was addressed with improved validation. CVE-2021-30803: Csaba Fitzl (@theevilbit) of Offensive Security
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30766: Liu Long of Ant Security Light-Year Lab CVE-2021-30765: Liu Long of Ant Security Light-Year Lab
IOKit Available for: macOS Big Sur Impact: A local attacker may be able to execute code on the Apple T2 Security Chip Description: Multiple issues were addressed with improved logic. CVE-2021-30784: George Nosenko
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab
Kext Management Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed with improved entitlements. CVE-2021-30778: Csaba Fitzl (@theevilbit) of Offensive Security
libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-3518
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved validation. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative
Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved checks. CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30758: Christoph Guttandin of Media Codings
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30795: Sergei Glazunov of Google Project Zero
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to code execution Description: This issue was addressed with improved checks. CVE-2021-30797: Ivan Fratric of Google Project Zero
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero
Additional recognition
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
crontabs We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6 jjAHog//cJsC4OL9lXnFSg2S4cf/eiIPNiUv4T2I5DvDFsmeUGF0hXsfKkOgNw+9 Mp4qW/3mzVDoB5nQpyjRie/zGNsmpEKLThakL7z9mJs+lYWhBJOJEZMlZqLD/7hZ dtBG2K28Ffw7ATeivEVtIY8LbAbPbwQqDd0HpUgtnJH6SWKL+9n4ZnppR8jJWmwi ltopPIMfzwzon0CejZU+SY2Kfpb5DnerNpthH6idTkgt8btqwoscKzmcvu0Ek8bh aq/0Mv/RbyUw8WIEZuPFICX+4yPVb/WiVFRVTGOiP/97EibqLGrQceiczBPJTfe4 D2aafbG+eyVMujjVMDPs1/q3T1GEZHBmETj7Pqigar/ymSfJfwnwYdhpPyYbffY7 iwUxvH5HFDeiotlMELeqdx/2sIVtMrx8IEtnaofevOcY1BP2gmQR+G849B0Rixn1 phCMK38NMp+jrWpdgx4MwO23puMBDWyRZdWn+dygwG3cPnr9/hdTOKB1B1wgpuys 3R5DbmSkOVWmtq+bumEafkywH7bA04SX9R7+jNwtXfEE82ToMJmEvLR5/PmCiMDM N22My4OWcjOjX8AT8wA732Vi6J2qytxMbkIupa794fy9Oea2WTPlFwcw1YKhP4NO Mvs1tHLJb/hwxc1Nyi4ojPZNYKNn6Gs/E16VEQt+X33bX3vU18E= =fuQ1 -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. Entry added September 20, 2021
CUPS We would like to acknowledge an anonymous researcher for their assistance
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1407", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.15.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.7" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.14.6" }, { "model": "mac os x", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.15" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.14.5" }, { "model": "mac os x", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.14" }, { "model": "macos", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "11.0" }, { "model": "apple mac os x", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": "10.14.6" }, { "model": "apple mac os x", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": "10.14 to 10.14.5" }, { "model": "apple mac os x", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "apple mac os x", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": "macos 11.0 that\u0027s all 11.5" }, { "model": "apple mac os x", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": "10.15.7" }, { "model": "apple mac os x", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": "10.15 to 10.15.6" }, { "model": "apple mac os x", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "db": "NVD", "id": "CVE-2021-30783" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.14.5", "versionStartIncluding": "10.14", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-004:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.15.6", "versionStartIncluding": "10.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5", "versionStartIncluding": "11.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30783" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "163646" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" }, { "db": "PACKETSTORM", "id": "164249" } ], "trust": 0.4 }, "cve": "CVE-2021-30783", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-30783", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "VHN-390516", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.0, "impactScore": 4.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-30783", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-30783", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-1684", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-390516", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-390516" }, { "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "db": "NVD", "id": "CVE-2021-30783" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1684" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. macOS has an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Macos: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19d76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15. 5 19F101, 10.15.6 19G73, 10.15.6 19G2021, 10.15.7 19H2, 10.15.7 19H4, 10.15.7 19H15, 10.15.7 19H114, 10.15.7 19H512, 10.15.7 19H524, 10.15.7 19H1030, 10.15. 7 19H1217. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-07-21-2 macOS Big Sur 11.5\n\nmacOS Big Sur 11.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212602. \n\nAMD Kernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2021-30805: ABC Research s.r.o\n\nAppKit\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2021-30790: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nAudio\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30781: tr3e\n\nAVEVideoEncoder\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30748: George Nosenko\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30786: ryuzaki\n\nCoreServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30783: Ron Waisberg (@epsilan)\n\nCoreStorage\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: An injection issue was addressed with improved\nvalidation. \nCVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video\nCommunications and Gary Nield of ECSC Group plc\n\nCoreText\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of\nKnownsec 404 team\n\nCrash Reporter\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30774: Yizhuo Wang of Group of Software Security In\nProgress (G.O.S.S.I.P) at Shanghai Jiao Tong University\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video\nCommunications\n\ndyld\nAvailable for: macOS Big Sur\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30768: Linus Henze (pinauten.de)\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2021-30760: Sunglin of Knownsec 404 team\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted tiff file may lead to a\ndenial-of-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A stack overflow was addressed with improved input\nvalidation. \nCVE-2021-30759: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nIdentity Services\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access a user\u2019s recent\nContacts\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2021-30803: Csaba Fitzl (@theevilbit) of Offensive Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of\nTrend Micro\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2021-30787: Anonymous working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-30766: Liu Long of Ant Security Light-Year Lab\nCVE-2021-30765: Liu Long of Ant Security Light-Year Lab\n\nIOKit\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to execute code on the Apple T2\nSecurity Chip\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-30784: George Nosenko\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong\nLab\n\nKext Management\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed with improved entitlements. \nCVE-2021-30778: Csaba Fitzl (@theevilbit) of Offensive Security\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2021-3518\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-30792: Anonymous working with Trend Micro Zero Day\nInitiative\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30791: Anonymous working with Trend Micro Zero Day\nInitiative\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30758: Christoph Guttandin of Media Codings\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30795: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30797: Ivan Fratric of Google Project Zero\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30799: Sergei Glazunov of Google Project Zero\n\nAdditional recognition\n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nCoreText\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\ncrontabs\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nSpotlight\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6\njjAHog//cJsC4OL9lXnFSg2S4cf/eiIPNiUv4T2I5DvDFsmeUGF0hXsfKkOgNw+9\nMp4qW/3mzVDoB5nQpyjRie/zGNsmpEKLThakL7z9mJs+lYWhBJOJEZMlZqLD/7hZ\ndtBG2K28Ffw7ATeivEVtIY8LbAbPbwQqDd0HpUgtnJH6SWKL+9n4ZnppR8jJWmwi\nltopPIMfzwzon0CejZU+SY2Kfpb5DnerNpthH6idTkgt8btqwoscKzmcvu0Ek8bh\naq/0Mv/RbyUw8WIEZuPFICX+4yPVb/WiVFRVTGOiP/97EibqLGrQceiczBPJTfe4\nD2aafbG+eyVMujjVMDPs1/q3T1GEZHBmETj7Pqigar/ymSfJfwnwYdhpPyYbffY7\niwUxvH5HFDeiotlMELeqdx/2sIVtMrx8IEtnaofevOcY1BP2gmQR+G849B0Rixn1\nphCMK38NMp+jrWpdgx4MwO23puMBDWyRZdWn+dygwG3cPnr9/hdTOKB1B1wgpuys\n3R5DbmSkOVWmtq+bumEafkywH7bA04SX9R7+jNwtXfEE82ToMJmEvLR5/PmCiMDM\nN22My4OWcjOjX8AT8wA732Vi6J2qytxMbkIupa794fy9Oea2WTPlFwcw1YKhP4NO\nMvs1tHLJb/hwxc1Nyi4ojPZNYKNn6Gs/E16VEQt+X33bX3vU18E=\n=fuQ1\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may have\nbeen actively exploited. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance", "sources": [ { "db": "NVD", "id": "CVE-2021-30783" }, { "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-390516" }, { "db": "VULMON", "id": "CVE-2021-30783" }, { "db": "PACKETSTORM", "id": "163646" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" }, { "db": "PACKETSTORM", "id": "164249" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-30783", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2021-013621", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-1684", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163646", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164249", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072219", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072231", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2490", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3102.2", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-390516", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-30783", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163647", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163649", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390516" }, { "db": "VULMON", "id": "CVE-2021-30783" }, { "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "db": "PACKETSTORM", "id": "163646" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" }, { "db": "PACKETSTORM", "id": "164249" }, { "db": "NVD", "id": "CVE-2021-30783" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1684" } ] }, "id": "VAR-202109-1407", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-390516" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:19:03.431000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT212603 Apple\u00a0 Security update", "trust": 0.8, "url": "https://support.apple.com/en-us/ht212600" }, { "title": "MacOS Fixes for permissions and access control issues vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=157290" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "db": "CNNVD", "id": "CNNVD-202107-1684" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "db": "NVD", "id": "CVE-2021-30783" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://seclists.org/fulldisclosure/2021/sep/40" }, { "trust": 2.3, "url": "https://support.apple.com/en-us/ht212602" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212805" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212600" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212603" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212805" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072219" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164249/apple-security-advisory-2021-09-20-8.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35970" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163646/apple-security-advisory-2021-07-21-2.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072231" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2490" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3102.2" }, { "trust": 0.4, "url": "https://support.apple.com/downloads/" }, { "trust": 0.4, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.4, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30781" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30777" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30790" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30788" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30787" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30766" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30765" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30780" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30759" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30782" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30760" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30768" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30776" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30789" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30775" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30785" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30793" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30733" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30672" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30805" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30703" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30677" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30796" }, { "trust": 0.1, "url": "http://seclists.org/fulldisclosure/2021/jul/56" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30772" }, { "trust": 0.1, "url": "https://support.apple.com/ht212602." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30786" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30784" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30778" }, { "trust": 0.1, "url": "https://support.apple.com/ht212600." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30731" }, { "trust": 0.1, "url": "https://support.apple.com/ht212603." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828" }, { "trust": 0.1, "url": "https://support.apple.com/ht212805." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835" } ], "sources": [ { "db": "VULHUB", "id": "VHN-390516" }, { "db": "VULMON", "id": "CVE-2021-30783" }, { "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "db": "PACKETSTORM", "id": "163646" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" }, { "db": "PACKETSTORM", "id": "164249" }, { "db": "NVD", "id": "CVE-2021-30783" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1684" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-390516" }, { "db": "VULMON", "id": "CVE-2021-30783" }, { "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "db": "PACKETSTORM", "id": "163646" }, { "db": "PACKETSTORM", "id": "163647" }, { "db": "PACKETSTORM", "id": "163649" }, { "db": "PACKETSTORM", "id": "164249" }, { "db": "NVD", "id": "CVE-2021-30783" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1684" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-08T00:00:00", "db": "VULHUB", "id": "VHN-390516" }, { "date": "2022-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "date": "2021-07-23T15:30:22", "db": "PACKETSTORM", "id": "163646" }, { "date": "2021-07-23T15:30:33", "db": "PACKETSTORM", "id": "163647" }, { "date": "2021-07-23T15:31:52", "db": "PACKETSTORM", "id": "163649" }, { "date": "2021-09-22T16:35:10", "db": "PACKETSTORM", "id": "164249" }, { "date": "2021-09-08T14:15:11.137000", "db": "NVD", "id": "CVE-2021-30783" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1684" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-12T00:00:00", "db": "VULHUB", "id": "VHN-390516" }, { "date": "2022-09-16T09:15:00", "db": "JVNDB", "id": "JVNDB-2021-013621" }, { "date": "2022-07-12T17:42:04.277000", "db": "NVD", "id": "CVE-2021-30783" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1684" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-1684" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "macOS\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013621" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1684" } ], "trust": 1.2 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.