var-202110-1622
Vulnerability from variot
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple Apple products contain a vulnerability related to out-of-bounds writes. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8
watchOS 8 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212819.
Accessory Manager
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2021-30837: an anonymous researcher

AppleMobileFileIntegrity
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir

bootp
Available for: Apple Watch Series 3 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021

FaceTime
Available for: Apple Watch Series 3 and later
Impact: An application with microphone permission may unexpectedly access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab

Foundation
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab

libexpat
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version 2.4.1.
CVE-2013-0340: an anonymous researcher

Preferences
Available for: Apple Watch Series 3 and later
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Preferences
Available for: Apple Watch Series 3 and later
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved state management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to modify protected parts of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: Visiting a maliciously crafted website may reveal a user's browsing history
Description: The issue was resolved with additional restrictions on CSS compositing.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: An attacker in a privileged network position may be able to bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may disclose restricted memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30851: Samuel Groß of Google Project Zero

Wi-Fi
Available for: Apple Watch Series 3 and later
Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state management.
CVE-2021-30810: an anonymous researcher
Additional recognition
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

UIKit
We would like to acknowledge an anonymous researcher for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
CVE-2021-30851: Samuel Groß of Google Project Zero
Installation note:
This update may be obtained from the Mac App Store.

Apple is aware of a report that this issue may have been actively exploited.

CVE-2021-30846: Sergei Glazunov of Google Project Zero
Entry added September 20, 2021
Additional recognition
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance.

Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates.

==========================================================================
Ubuntu Security Notice USN-5127-1
November 01, 2021
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10:
  libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.21.10.1
  libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.21.10.1

Ubuntu 21.04:
  libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.21.04.1
  libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.21.04.1

Ubuntu 20.04 LTS:
  libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.20.04.1
  libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.

-------------------------------------------------------------------
Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739
ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
     Package              /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  net-libs/webkit-gtk     < 2.34.4       >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
VARIoT record details
Entry: https://www.variotdbs.pl/vuln/VAR-202110-1622
CVE: CVE-2021-30846

Affected products (vendor, model, scope, version, trust):
- fedoraproject, fedora, eq, 34, trust 1
- apple, safari, lt, 15.0, trust 1
- apple, ipados, lt, 14.8, trust 1
- apple, tvos, lt, 15.0, trust 1
- apple, macos, lt, 12.0.1, trust 1
- apple, watchos, lt, 8.0, trust 1
- debian, linux, eq, 10.0, trust 1
- debian, linux, eq, 11.0, trust 1
- apple, iphone os, lt, 14.8, trust 1
- fedoraproject, fedora, eq, 33, trust 1
- debian, gnu/linux, scope and version not given, trust 0.8
- アップル (Apple), tvos, scope and version not given, trust 0.8
- アップル (Apple), ios, scope and version not given, trust 0.8
- アップル (Apple), ipados, scope and version not given, trust 0.8
- アップル (Apple), safari, scope and version not given, trust 0.8
- アップル (Apple), watchos, scope and version not given, trust 0.8
- fedora, fedora, scope and version not given, trust 0.8
- アップル (Apple), macos, scope and version not given, trust 0.8
Sources: JVNDB JVNDB-2021-013862; NVD CVE-2021-30846

Credits: Apple (trust 0.5)
Sources: PACKETSTORM 164693, 164692, 164688, 164242, 164234

CVSS v2:
- nvd@nist.gov, CVE-2021-30846: base score 6.8 (MEDIUM), vector AV:N/AC:M/Au:N/C:P/I:P/A:P, access vector NETWORK, access complexity MEDIUM, authentication NONE, confidentiality/integrity/availability impact PARTIAL, exploitability score 8.6, impact score 6.4, version 2.0, trust 1.8
- VULHUB, VHN-390579: base score 6.8 (MEDIUM), vector AV:N/AC:M/AU:N/C:P/I:P/A:P, access vector NETWORK, access complexity MEDIUM, authentication NONE, confidentiality/integrity/availability impact PARTIAL, exploitability score 8.6, impact score 6.4, version 2.0, trust 0.1

CVSS v3:
- nvd@nist.gov, CVE-2021-30846: base score 7.8 (HIGH), vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, attack vector LOCAL, attack complexity LOW, privileges required NONE, user interaction REQUIRED, scope UNCHANGED, confidentiality/integrity/availability impact HIGH, exploitability score 1.8, impact score 5.9, version 3.1, trust 1
- NVD, CVE-2021-30846: base score 7.8 (High), vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, attack vector Local, attack complexity Low, privileges required None, user interaction Required, scope Unchanged, confidentiality/integrity/availability impact High, exploitability score and impact score not given (null), version 3.0, trust 0.8

Severity:
- nvd@nist.gov, CVE-2021-30846: HIGH (trust 1)
- NVD, CVE-2021-30846: High (trust 0.8)
- CNNVD, CNNVD-202109-1272: HIGH (trust 0.6)
- VULHUB, VHN-390579: MEDIUM (trust 0.1)
Sources: VULHUB VHN-390579; JVNDB JVNDB-2021-013862; CNNVD CNNVD-202109-1272; NVD CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n 
https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", sources: [ { db: "NVD", id: "CVE-2021-30846", }, { db: "JVNDB", id: "JVNDB-2021-013862", }, { db: "VULHUB", id: "VHN-390579", }, { db: "VULMON", id: "CVE-2021-30846", }, { db: "PACKETSTORM", id: "164693", }, { db: "PACKETSTORM", id: "164692", }, { db: "PACKETSTORM", id: "164688", }, { db: "PACKETSTORM", id: "164242", }, { db: "PACKETSTORM", id: "164234", }, { db: "PACKETSTORM", id: "164736", }, { db: "PACKETSTORM", id: "165794", }, ], trust: 2.43, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-390579", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-390579", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-30846", trust: 4.1, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/27/4", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/27/2", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/26/9", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/27/1", trust: 1.7, }, { db: "PACKETSTORM", id: "164736", trust: 0.8, }, { db: "PACKETSTORM", id: "164692", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2021-013862", trust: 0.8, }, { db: "PACKETSTORM", id: "167037", trust: 0.7, }, { db: "PACKETSTORM", id: "164242", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2021.4084", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3631", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3996", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3159.2", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3641", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2022.0382", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3578", trust: 0.6, }, { db: "PACKETSTORM", id: "164516", trust: 0.6, }, { db: "CS-HELP", id: "SB2021092024", trust: 0.6, }, { db: "CS-HELP", id: "SB2022051140", trust: 0.6, }, { db: "CS-HELP", id: "SB2021110113", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202109-1272", trust: 0.6, }, { db: "PACKETSTORM", id: "164693", trust: 0.2, }, { db: "PACKETSTORM", id: "164688", trust: 0.2, }, { db: "PACKETSTORM", id: "164689", trust: 0.1, }, { db: "VULHUB", id: "VHN-390579", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-30846", trust: 0.1, }, { db: "PACKETSTORM", id: "164234", trust: 0.1, }, { db: "PACKETSTORM", id: "165794", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-390579", }, { db: "VULMON", id: "CVE-2021-30846", }, { db: "JVNDB", id: "JVNDB-2021-013862", }, { db: "PACKETSTORM", id: "164693", }, { db: "PACKETSTORM", id: "164692", }, { db: "PACKETSTORM", id: "164688", }, { db: "PACKETSTORM", id: "164242", }, { db: "PACKETSTORM", id: "164234", }, { db: 
"PACKETSTORM", id: "164736", }, { db: "PACKETSTORM", id: "165794", }, { db: "CNNVD", id: "CNNVD-202109-1272", }, { db: "NVD", id: "CVE-2021-30846", }, ], }, id: "VAR-202110-1622", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-390579", }, ], trust: 0.01, }, last_update_date: "2024-11-29T19:57:26.337000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "HT212819 Apple Security update", trust: 0.8, url: "https://www.debian.org/security/2021/dsa-4995", }, { title: "Multiple Apple Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166477", }, { title: "Apple: iOS 15 and iPadOS 15", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f34e9bd3d1b055a84fc033981719f5fb", }, ], sources: [ { db: "VULMON", id: "CVE-2021-30846", }, { db: "JVNDB", id: "JVNDB-2021-013862", }, { db: "CNNVD", id: "CNNVD-202109-1272", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-390579", }, { db: "JVNDB", id: "JVNDB-2021-013862", }, { db: "NVD", id: "CVE-2021-30846", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: 
"http://seclists.org/fulldisclosure/2021/oct/62", }, { trust: 2.5, url: "http://seclists.org/fulldisclosure/2021/oct/63", }, { trust: 2.5, url: "http://seclists.org/fulldisclosure/2021/oct/60", }, { trust: 2.5, url: "http://seclists.org/fulldisclosure/2021/oct/61", }, { trust: 2.3, url: "https://support.apple.com/en-us/ht212815", }, { trust: 2.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30846", }, { trust: 1.7, url: "https://support.apple.com/kb/ht212869", }, { trust: 1.7, url: "https://www.debian.org/security/2021/dsa-4995", }, { trust: 1.7, url: "https://www.debian.org/security/2021/dsa-4996", }, { trust: 1.7, url: "https://support.apple.com/en-us/ht212807", }, { trust: 1.7, url: "https://support.apple.com/en-us/ht212814", }, { trust: 1.7, url: "https://support.apple.com/en-us/ht212816", }, { trust: 1.7, url: "https://support.apple.com/en-us/ht212819", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/26/9", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/27/1", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/27/2", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/27/4", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h6mgxcx7p5ahwoq6irt477ukt7is4dad/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/on5sdvvpvpcagfpw2ghyatzvzylpw2l4/", }, { trust: 0.7, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/on5sdvvpvpcagfpw2ghyatzvzylpw2l4/", }, { trust: 0.7, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h6mgxcx7p5ahwoq6irt477ukt7is4dad/", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30849", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021110113", }, { trust: 0.6, url: 
"https://packetstormsecurity.com/files/164242/apple-security-advisory-2021-09-20-6.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3159.2", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.0382", }, { trust: 0.6, url: "https://access.redhat.com/security/cve/cve-2021-30846", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021092024", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-36750", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/164516/webkit-pointercapturecontroller-processpendingpointercapture-heap-use-after-free.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3996", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3578", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022051140", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3631", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/164736/ubuntu-security-notice-usn-5127-1.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3641", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.4084", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/164692/apple-security-advisory-2021-10-26-10.html", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-36461", }, { trust: 0.5, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30851", }, { trust: 0.5, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0340", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30841", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30843", }, { 
trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30818", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30809", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30857", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30823", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30842", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30854", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30837", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30810", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30847", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30836", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30835", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30855", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30848", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30852", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30808", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30884", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30834", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30831", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30866", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30814", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30840", }, { trust: 0.2, url: "https://support.apple.com/kb/ht204641", }, { trust: 0.2, url: "https://support.apple.com/ht212819.", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30811", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30858", }, { trust: 0.1, url: "http://seclists.org/fulldisclosure/2021/sep/37", }, { trust: 0.1, url: "https://support.apple.com/kb/ht212814", }, { trust: 0.1, url: "https://support.apple.com/ht212815.", }, { 
trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30850", }, { trust: 0.1, url: "https://support.apple.com/ht212816.", }, { trust: 0.1, url: "https://www.apple.com/itunes/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30820", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30859", }, { trust: 0.1, url: "https://support.apple.com/ht212807.", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30860", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.1-0ubuntu0.21.04.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.1-0ubuntu0.21.10.1", }, { trust: 0.1, url: "https://ubuntu.com/security/notices/usn-5127-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.1-0ubuntu0.20.04.1", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1844", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30984", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30744", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30953", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1820", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30952", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30887", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30762", }, { trust: 0.1, url: "https://webkitgtk.org/security/wsa-2021-0005.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30682", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30897", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30936", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30663", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30954", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30890", }, { trust: 0.1, url: 
"https://nvd.nist.gov/vuln/detail/cve-2021-1817", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42762", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30758", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30799", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21779", }, { trust: 0.1, url: "https://security.gentoo.org/glsa/202202-01", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45482", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1871", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30665", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30795", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1825", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30661", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30666", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30734", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30797", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21775", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1826", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30749", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30689", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30951", }, { trust: 0.1, url: "https://webkitgtk.org/security/wsa-2021-0004.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30889", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30761", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30888", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30934", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-30720", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1788", }, { trust: 0.1, url: 
"https://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://webkitgtk.org/security/wsa-2021-0006.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21806", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, ], sources: [ { db: "VULHUB", id: "VHN-390579", }, { db: "VULMON", id: "CVE-2021-30846", }, { db: "JVNDB", id: "JVNDB-2021-013862", }, { db: "PACKETSTORM", id: "164693", }, { db: "PACKETSTORM", id: "164692", }, { db: "PACKETSTORM", id: "164688", }, { db: "PACKETSTORM", id: "164242", }, { db: "PACKETSTORM", id: "164234", }, { db: "PACKETSTORM", id: "164736", }, { db: "PACKETSTORM", id: "165794", }, { db: "CNNVD", id: "CNNVD-202109-1272", }, { db: "NVD", id: "CVE-2021-30846", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-390579", }, { db: "VULMON", id: "CVE-2021-30846", }, { db: "JVNDB", id: "JVNDB-2021-013862", }, { db: "PACKETSTORM", id: "164693", }, { db: "PACKETSTORM", id: "164692", }, { db: "PACKETSTORM", id: "164688", }, { db: "PACKETSTORM", id: "164242", }, { db: "PACKETSTORM", id: "164234", }, { db: "PACKETSTORM", id: "164736", }, { db: "PACKETSTORM", id: "165794", }, { db: "CNNVD", id: "CNNVD-202109-1272", }, { db: "NVD", id: "CVE-2021-30846", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-10-19T00:00:00", db: "VULHUB", id: "VHN-390579", }, { date: "2022-09-29T00:00:00", db: "JVNDB", id: "JVNDB-2021-013862", }, { date: "2021-10-28T14:58:57", db: "PACKETSTORM", id: "164693", }, { date: "2021-10-28T14:58:43", db: "PACKETSTORM", id: "164692", }, { date: "2021-10-28T14:55:07", db: "PACKETSTORM", id: "164688", }, { date: "2021-09-22T16:30:10", db: "PACKETSTORM", id: "164242", }, { date: "2021-09-22T16:22:32", db: "PACKETSTORM", id: "164234", }, { date: "2021-11-02T15:22:56", db: 
"PACKETSTORM", id: "164736", }, { date: "2022-02-01T17:03:05", db: "PACKETSTORM", id: "165794", }, { date: "2021-09-20T00:00:00", db: "CNNVD", id: "CNNVD-202109-1272", }, { date: "2021-10-19T14:15:09.617000", db: "NVD", id: "CVE-2021-30846", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-23T00:00:00", db: "VULHUB", id: "VHN-390579", }, { date: "2022-09-29T02:23:00", db: "JVNDB", id: "JVNDB-2021-013862", }, { date: "2022-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202109-1272", }, { date: "2023-11-07T03:33:31.383000", db: "NVD", id: "CVE-2021-30846", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202109-1272", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Apple Out-of-bounds write vulnerabilities in the product", sources: [ { db: "JVNDB", id: "JVNDB-2021-013862", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202109-1272", }, ], trust: 0.6, }, }