cvelistv5 - cve-2021-1806

CVE-2021-1806 (GCVE-0-2021-1806)

Vulnerability from cvelistv5

Published

2021-04-02 18:05

Modified

2024-08-03 16:25

Severity ?

CWE

An application may be able to execute arbitrary code with kernel privileges

Summary

References

URL

Tags

product-security@apple.com	http://seclists.org/fulldisclosure/2021/Apr/54	Mailing List, Third Party Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212177	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212327	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Apr/54	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212177	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212327	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Apple	macOS	Version: unspecified < 11.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:25:05.718Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212177"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212327"
          },
          {
            "name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Apr/54"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to execute arbitrary code with kernel privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-27T20:06:44",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212177"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212327"
        },
        {
          "name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Apr/54"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-1806",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An application may be able to execute arbitrary code with kernel privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212177",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212177"
            },
            {
              "name": "https://support.apple.com/kb/HT212327",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212327"
            },
            {
              "name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Apr/54"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-1806",
    "datePublished": "2021-04-02T18:05:40",
    "dateReserved": "2020-12-08T00:00:00",
    "dateUpdated": "2024-08-03T16:25:05.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-1806\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-04-02T19:15:20.227\",\"lastModified\":\"2024-11-21T05:45:08.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 una condici\u00f3n de carrera con una comprobaci\u00f3n adicional.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.2.1, Supplemental Update de macOS Catalina versi\u00f3n 10.15.7, Security Update de macOS Mojave versi\u00f3n 10.14.6 2021-002.\u0026#xa0;Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios de kernel.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.14\",\"versionEndExcluding\":\"10.14.6\",\"matchCriteriaId\":\"6DE2B03F-94EE-4E32-B366-FE31A7031403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.15\",\"versionEndExcluding\":\"10.15.7\",\"matchCriteriaId\":\"DB8A73F8-3074-4B32-B9F6-343B6B1988C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE26ECC-A2C2-4501-9950-510DE0E1BD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"26108BEF-0847-4AB0-BD98-35344DFA7835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FD3467D-7679-479F-9C0B-A93F7CD0929D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C6098E-EDBD-4A85-8282-B2E9D9333872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"518BB47B-DD76-4E8C-9F10-7EBC1E146191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"63940A55-D851-46EB-9668-D82BEFC1FE95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C7A97A-3801-44FA-96CA-10298FA39883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D69914D-46C7-4A0E-A075-C863C1692D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CDB4476-B521-43E4-A129-8718A8E0A8CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4A6BF78-B772-435C-AC1A-2199027CCF9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A654B8A2-FC30-4171-B0BB-366CD7ED4B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F4BF7F-90D4-4668-B4E6-B06F4070F448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1C795B9-E58D-467C-83A8-2D45C792292F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.2.1\",\"matchCriteriaId\":\"52B62D32-7B84-48DB-8E87-FB5C61958CC0\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2021/Apr/54\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212177\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212327\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Apr/54\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

fkie_cve-2021-1806

Vulnerability from fkie_nvd

Published

2021-04-02 19:15

Modified

2024-11-21 05:45

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://seclists.org/fulldisclosure/2021/Apr/54	Mailing List, Third Party Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212177	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212327	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Apr/54	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212177	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212327	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	*
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE2B03F-94EE-4E32-B366-FE31A7031403",
              "versionEndExcluding": "10.14.6",
              "versionStartIncluding": "10.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
              "versionEndExcluding": "10.15.7",
              "versionStartIncluding": "10.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
              "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
              "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
              "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
              "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
              "matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
              "matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
              "matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
              "matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
              "matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
              "matchCriteriaId": "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*",
              "matchCriteriaId": "A4A6BF78-B772-435C-AC1A-2199027CCF9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
              "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
              "matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52B62D32-7B84-48DB-8E87-FB5C61958CC0",
              "versionEndExcluding": "11.2.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 una condici\u00f3n de carrera con una comprobaci\u00f3n adicional.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.2.1, Supplemental Update de macOS Catalina versi\u00f3n 10.15.7, Security Update de macOS Mojave versi\u00f3n 10.14.6 2021-002.\u0026#xa0;Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios de kernel."
    }
  ],
  "id": "CVE-2021-1806",
  "lastModified": "2024-11-21T05:45:08.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-02T19:15:20.227",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/54"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212177"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/54"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212327"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2021-1806

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-1806

Aliases

CVE-2021-1806

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1806",
    "description": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.",
    "id": "GSD-2021-1806"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1806"
      ],
      "details": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.",
      "id": "GSD-2021-1806",
      "modified": "2023-12-13T01:23:22.301950Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-1806",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An application may be able to execute arbitrary code with kernel privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212177",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212177"
          },
          {
            "name": "https://support.apple.com/kb/HT212327",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212327"
          },
          {
            "name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Apr/54"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14.6",
                "versionStartIncluding": "10.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2.1",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-1806"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212177",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212177"
            },
            {
              "name": "https://support.apple.com/kb/HT212327",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212327"
            },
            {
              "name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Apr/54"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-05-04T19:35Z",
      "publishedDate": "2021-04-02T19:15Z"
    }
  }
}

ghsa-6j4c-93q9-wrhq

Vulnerability from github

Published

2022-05-24 17:46

Modified

2022-05-24 17:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-1806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-02T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-6j4c-93q9-wrhq",
  "modified": "2022-05-24T17:46:23Z",
  "published": "2022-05-24T17:46:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1806"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212177"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212327"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AppleIntelKBLGraphics kext. The issue results from the lack of proper locking when performing operations on an object. There is a security vulnerability in the Intel Graphics Driver. Please keep an eye on CNNVD or the manufacturer's announcement.

The specific flaw exists within the AppleIntelKBLGraphics kext. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave

Security Update 2021-003 Mojave addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212327.

APFS Available for: macOS Mojave Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann

Audio Available for: macOS Mojave Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

CFNetwork Available for: macOS Mojave Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher

CoreAudio Available for: macOS Mojave Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics Available for: macOS Mojave Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University

CoreText Available for: macOS Mojave Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

curl Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx

curl Available for: macOS Mojave Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher

DiskArbitration Available for: macOS Mojave Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. CVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an anonymous researcher, and Mikko Kenttälä (@Turmio_) of SensorFu

FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin of Trend Micro

FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27942: an anonymous researcher

Foundation Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga

ImageIO Available for: macOS Mojave Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1843: Ye Zhang of Baidu Security

Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Intel Graphics Driver Available for: macOS Mojave Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Kernel Available for: macOS Mojave Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1851: @0xalsr

Kernel Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

libxpc Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins

libxslt Available for: macOS Mojave Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz

NSRemoteView Available for: macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome

Preferences Available for: macOS Mojave Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

smbx Available for: macOS Mojave Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)

Tailspin Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications

tcpdump Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher

Time Machine Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc

Wi-Fi Available for: macOS Mojave Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

wifivelocityd Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Windows Server Available for: macOS Mojave Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher

Installation note:

This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6 jjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q /ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s I5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4 oVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt xrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a UhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk rf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT ITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu s1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1 k/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L I/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE= =NZ77 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0591",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "macos",
        "scope": null,
        "trust": 2.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABC Research s.r.o.",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197"
      }
    ],
    "trust": 2.8
  },
  "cve": "CVE-2021-1806",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2021-1806",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-376466",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.1,
            "id": "CVE-2021-1806",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 2.8,
            "userInteraction": "NONE",
            "vectorString": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2021-1806",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2021-1806",
            "trust": 2.8,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-1806",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-809",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-376466",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1806",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1806"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AppleIntelKBLGraphics kext. The issue results from the lack of proper locking when performing operations on an object. There is a security vulnerability in the Intel Graphics Driver. Please keep an eye on CNNVD or the manufacturer\u0027s announcement. \n\nThe specific flaw exists within the AppleIntelKBLGraphics kext. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave\n\nSecurity Update 2021-003 Mojave addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212327. \n\nAPFS\nAvailable for: macOS Mojave\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\n\nAudio\nAvailable for: macOS Mojave\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Mojave\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: macOS Mojave\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Mojave\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\ncurl\nAvailable for: macOS Mojave\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. \nCVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an\nanonymous researcher, and Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nFontParser\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous\nresearcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin of Trend Micro\n\nFontParser\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27942: an anonymous researcher\n\nFoundation\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nImageIO\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1843: Ye Zhang of Baidu Security\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nlibxpc\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nNSRemoteView\nAvailable for: macOS Mojave\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Mojave\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nsmbx\nAvailable for: macOS Mojave\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nTailspin\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\ntcpdump\nAvailable for: macOS Mojave\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWi-Fi\nAvailable for: macOS Mojave\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nwifivelocityd\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2020-3838: Dayton Pidhirney (@_watbulb)\n\nWindows Server\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6\njjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q\n/ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s\nI5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4\noVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt\nxrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a\nUhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk\nrf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT\nITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu\ns1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1\nk/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L\nI/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE=\n=NZ77\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1806"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1806"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "db": "PACKETSTORM",
        "id": "161398"
      }
    ],
    "trust": 3.78
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1806",
        "trust": 4.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162362",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "161398",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11438",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-201",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11422",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11420",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11419",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1417",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0467",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-809",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-376466",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1806",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1806"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "db": "PACKETSTORM",
        "id": "161398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "id": "VAR-202104-0591",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376466"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:52:06.869000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple has issued an update to correct this vulnerability.",
        "trust": 2.8,
        "url": "https://support.apple.com/HT212177"
      },
      {
        "title": "Apple: macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7ddd0bfc954a0c128a5cda953ad458f8"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376466"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://support.apple.com/ht212177"
      },
      {
        "trust": 2.4,
        "url": "https://support.apple.com/en-us/ht212177"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht212327"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2021/apr/54"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1806"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161398/apple-security-advisory-2021-02-09-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-two-vulnerabilities-34539"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162362/apple-security-advisory-2021-04-26-4.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0467"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1417"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht212327"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1805"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht212177"
      },
      {
        "trust": 0.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-200/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1876"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1847"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27942"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212327."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1868"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212177."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3156"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1806"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "db": "PACKETSTORM",
        "id": "161398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1806"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "db": "PACKETSTORM",
        "id": "161398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376466"
      },
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1806"
      },
      {
        "date": "2021-04-28T15:00:23",
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "date": "2021-02-12T17:29:14",
        "db": "PACKETSTORM",
        "id": "161398"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-809"
      },
      {
        "date": "2021-04-02T19:15:20.227000",
        "db": "NVD",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-201"
      },
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-198"
      },
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-197"
      },
      {
        "date": "2021-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376466"
      },
      {
        "date": "2021-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1806"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-809"
      },
      {
        "date": "2024-11-21T05:45:08.857000",
        "db": "NVD",
        "id": "CVE-2021-1806"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-809"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple macOS process_token_BindQueryStoreRegisterToMemoryList Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-200"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-198"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-809"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2021-AVI-314

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 14.1
Apple	macOS	macOS Mojave sans le correctif de sécurité 2021-003
Apple	N/A	tvOS versions antérieures à 14.5
Apple	macOS	macOS Big Sur versions antérieures à 11.3
Apple	N/A	iTunes versions antérieures à 12.11.3 sur Windows
Apple	N/A	watchOS versions antérieures à 7.4
Apple	N/A	iCloud pour Windows versions antérieures à 12.3
Apple	N/A	iOS et iPadOS versions antérieures à 14.5
Apple	macOS	macOS Catalina sans le correctif de sécurité 2021-002
Apple	N/A	Xcode versions antérieures à 12.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212325 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212327 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212317 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212318 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212324 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212326 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212319 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212323 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212320 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212321 du 26 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 14.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.11.3 sur Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 12.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 14.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-002",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 12.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-1815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1815"
    },
    {
      "name": "CVE-2021-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1835"
    },
    {
      "name": "CVE-2021-1853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1853"
    },
    {
      "name": "CVE-2021-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1784"
    },
    {
      "name": "CVE-2020-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3838"
    },
    {
      "name": "CVE-2021-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1855"
    },
    {
      "name": "CVE-2021-1831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1831"
    },
    {
      "name": "CVE-2021-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1839"
    },
    {
      "name": "CVE-2021-1857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1857"
    },
    {
      "name": "CVE-2021-1847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1847"
    },
    {
      "name": "CVE-2021-1877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1877"
    },
    {
      "name": "CVE-2021-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1829"
    },
    {
      "name": "CVE-2021-1854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1854"
    },
    {
      "name": "CVE-2021-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1861"
    },
    {
      "name": "CVE-2021-1830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1830"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-30657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30657"
    },
    {
      "name": "CVE-2021-1828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1828"
    },
    {
      "name": "CVE-2021-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1811"
    },
    {
      "name": "CVE-2021-1844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1844"
    },
    {
      "name": "CVE-2021-1820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1820"
    },
    {
      "name": "CVE-2020-8037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8037"
    },
    {
      "name": "CVE-2021-30655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30655"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2021-1810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1810"
    },
    {
      "name": "CVE-2021-1880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1880"
    },
    {
      "name": "CVE-2021-1884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1884"
    },
    {
      "name": "CVE-2021-1852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1852"
    },
    {
      "name": "CVE-2021-1813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1813"
    },
    {
      "name": "CVE-2021-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1837"
    },
    {
      "name": "CVE-2021-1875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1875"
    },
    {
      "name": "CVE-2021-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1860"
    },
    {
      "name": "CVE-2021-1826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1826"
    },
    {
      "name": "CVE-2021-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
    },
    {
      "name": "CVE-2021-1851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1851"
    },
    {
      "name": "CVE-2021-1817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1817"
    },
    {
      "name": "CVE-2021-21300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21300"
    },
    {
      "name": "CVE-2021-1814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1814"
    },
    {
      "name": "CVE-2021-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1865"
    },
    {
      "name": "CVE-2021-1825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1825"
    },
    {
      "name": "CVE-2021-1822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1822"
    },
    {
      "name": "CVE-2021-30661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"
    },
    {
      "name": "CVE-2021-1872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1872"
    },
    {
      "name": "CVE-2021-1816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1816"
    },
    {
      "name": "CVE-2021-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1843"
    },
    {
      "name": "CVE-2021-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1868"
    },
    {
      "name": "CVE-2021-30658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30658"
    },
    {
      "name": "CVE-2021-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1836"
    },
    {
      "name": "CVE-2021-1739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1739"
    },
    {
      "name": "CVE-2021-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1864"
    },
    {
      "name": "CVE-2021-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1840"
    },
    {
      "name": "CVE-2021-1874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1874"
    },
    {
      "name": "CVE-2021-1808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1808"
    },
    {
      "name": "CVE-2021-1832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1832"
    },
    {
      "name": "CVE-2021-1882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1882"
    },
    {
      "name": "CVE-2021-1883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1883"
    },
    {
      "name": "CVE-2021-1881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1881"
    },
    {
      "name": "CVE-2021-1876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1876"
    },
    {
      "name": "CVE-2021-1878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1878"
    },
    {
      "name": "CVE-2021-1809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1809"
    },
    {
      "name": "CVE-2021-30656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30656"
    },
    {
      "name": "CVE-2021-1873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1873"
    },
    {
      "name": "CVE-2021-1846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1846"
    },
    {
      "name": "CVE-2021-1885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1885"
    },
    {
      "name": "CVE-2021-1841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1841"
    },
    {
      "name": "CVE-2021-1740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1740"
    },
    {
      "name": "CVE-2021-30653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30653"
    },
    {
      "name": "CVE-2021-1867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1867"
    },
    {
      "name": "CVE-2021-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1806"
    },
    {
      "name": "CVE-2021-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1858"
    },
    {
      "name": "CVE-2021-1859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1859"
    },
    {
      "name": "CVE-2021-30660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30660"
    },
    {
      "name": "CVE-2021-30652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30652"
    },
    {
      "name": "CVE-2021-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1848"
    },
    {
      "name": "CVE-2020-7463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7463"
    },
    {
      "name": "CVE-2020-27942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27942"
    },
    {
      "name": "CVE-2021-1824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1824"
    },
    {
      "name": "CVE-2021-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1834"
    },
    {
      "name": "CVE-2021-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1849"
    },
    {
      "name": "CVE-2021-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1805"
    },
    {
      "name": "CVE-2021-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1807"
    },
    {
      "name": "CVE-2021-30659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30659"
    }
  ],
  "initial_release_date": "2021-04-27T00:00:00",
  "last_revision_date": "2021-04-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-314",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212325 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212325"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212327 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212327"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212317 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212317"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212318 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212318"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212324 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212324"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212326 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212326"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212319 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212319"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212323 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212323"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212320 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212320"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212321 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212321"
    }
  ]
}

CERTFR-2021-AVI-098

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Apple macOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina versions antérieures à 10.15.7
Apple	macOS	macOS Big Sur versions antérieures à 11.2
Apple	macOS	macOS Mojave versions antérieures à 10.14.6

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212177 du 09 février 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212177 du 09 février 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.7",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions ant\u00e9rieures \u00e0 10.14.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2021-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1806"
    },
    {
      "name": "CVE-2021-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1805"
    }
  ],
  "initial_release_date": "2021-02-10T00:00:00",
  "last_revision_date": "2021-02-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212177 du 09 f\u00e9vrier 2021",
      "url": "https://support.apple.com/fr-fr/HT212177"
    }
  ],
  "reference": "CERTFR-2021-AVI-098",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple macOS. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple macOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212177 du 09 f\u00e9vrier 2021",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-1806 (GCVE-0-2021-1806)

Vulnerability from cvelistv5

fkie_cve-2021-1806

Vulnerability from fkie_nvd

gsd-2021-1806

Vulnerability from gsd

ghsa-6j4c-93q9-wrhq

Vulnerability from github

var-202104-0591

Vulnerability from variot

CERTFR-2021-AVI-314

Vulnerability from certfr_avis

Solution

CERTFR-2021-AVI-098

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature