Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-1765 (GCVE-0-2021-1765)
Vulnerability from cvelistv5 – Published: 2021-04-02 17:54 – Updated: 2024-08-03 16:25
VLAI?
EPSS
Summary
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
Severity ?
No CVSS data available.
CWE
- Maliciously crafted web content may violate iframe sandboxing policy
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Maliciously crafted web content may violate iframe sandboxing policy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:06:27.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Maliciously crafted web content may violate iframe sandboxing policy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1765",
"datePublished": "2021-04-02T17:54:07.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:05.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2021-AVI-072
Vulnerability from certfr_avis - Published: 2021-02-02 - Updated: 2021-02-02
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 14.0.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1778"
},
{
"name": "CVE-2021-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1789"
},
{
"name": "CVE-2021-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1762"
},
{
"name": "CVE-2021-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1773"
},
{
"name": "CVE-2021-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1761"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2021-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1775"
},
{
"name": "CVE-2020-27937",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27937"
},
{
"name": "CVE-2021-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1738"
},
{
"name": "CVE-2021-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1777"
},
{
"name": "CVE-2021-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1787"
},
{
"name": "CVE-2021-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1766"
},
{
"name": "CVE-2021-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1745"
},
{
"name": "CVE-2021-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1736"
},
{
"name": "CVE-2021-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1764"
},
{
"name": "CVE-2021-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1743"
},
{
"name": "CVE-2021-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1786"
},
{
"name": "CVE-2021-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1788"
},
{
"name": "CVE-2021-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1737"
},
{
"name": "CVE-2021-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1792"
},
{
"name": "CVE-2020-29614",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29614"
},
{
"name": "CVE-2021-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1785"
},
{
"name": "CVE-2021-1818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1818"
},
{
"name": "CVE-2021-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1782"
},
{
"name": "CVE-2021-1793",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1793"
},
{
"name": "CVE-2020-29633",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29633"
},
{
"name": "CVE-2021-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1751"
},
{
"name": "CVE-2021-1797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
},
{
"name": "CVE-2020-29608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29608"
},
{
"name": "CVE-2021-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1791"
},
{
"name": "CVE-2021-1871",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1871"
},
{
"name": "CVE-2021-1801",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1801"
},
{
"name": "CVE-2021-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1783"
},
{
"name": "CVE-2021-1870",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1870"
},
{
"name": "CVE-2020-27938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27938"
},
{
"name": "CVE-2021-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1767"
},
{
"name": "CVE-2021-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1771"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2021-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1802"
},
{
"name": "CVE-2021-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1747"
},
{
"name": "CVE-2021-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1790"
},
{
"name": "CVE-2021-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1765"
},
{
"name": "CVE-2021-1799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1799"
},
{
"name": "CVE-2021-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1746"
},
{
"name": "CVE-2021-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1754"
},
{
"name": "CVE-2021-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1772"
},
{
"name": "CVE-2021-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1776"
},
{
"name": "CVE-2021-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1753"
},
{
"name": "CVE-2021-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1741"
},
{
"name": "CVE-2021-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1750"
},
{
"name": "CVE-2021-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1744"
},
{
"name": "CVE-2021-1742",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1742"
},
{
"name": "CVE-2021-1760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1760"
},
{
"name": "CVE-2020-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
},
{
"name": "CVE-2021-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1757"
},
{
"name": "CVE-2020-25709",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2021-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1768"
},
{
"name": "CVE-2021-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1774"
},
{
"name": "CVE-2021-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1769"
},
{
"name": "CVE-2021-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1759"
},
{
"name": "CVE-2021-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1763"
},
{
"name": "CVE-2021-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1779"
},
{
"name": "CVE-2021-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1758"
},
{
"name": "CVE-2020-27945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27945"
}
],
"initial_release_date": "2021-02-02T00:00:00",
"last_revision_date": "2021-02-02T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212152 du 01 f\u00e9vrier 2021",
"url": "https://support.apple.com/fr-fr/HT212152"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212147 du 01 f\u00e9vrier 2021",
"url": "https://support.apple.com/fr-fr/HT212147"
}
]
}
GSD-2021-1765
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-1765",
"description": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.",
"id": "GSD-2021-1765",
"references": [
"https://www.suse.com/security/cve/CVE-2021-1765.html",
"https://www.debian.org/security/2021/dsa-4877",
"https://access.redhat.com/errata/RHSA-2021:4381",
"https://ubuntu.com/security/CVE-2021-1765",
"https://advisories.mageia.org/CVE-2021-1765.html",
"https://security.archlinux.org/CVE-2021-1765",
"https://linux.oracle.com/cve/CVE-2021-1765.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-1765"
],
"details": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.",
"id": "GSD-2021-1765",
"modified": "2023-12-13T01:23:22.376557Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Maliciously crafted web content may violate iframe sandboxing policy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-03"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.6",
"versionStartIncluding": "10.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.30.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1765"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202104-03"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-06-02T13:17Z",
"publishedDate": "2021-04-02T18:15Z"
}
}
}
GHSA-872W-FG9Q-JGJX
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI?
Details
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
{
"affected": [],
"aliases": [
"CVE-2021-1765"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T18:15:00Z",
"severity": "MODERATE"
},
"details": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.",
"id": "GHSA-872w-fg9q-jgjx",
"modified": "2022-05-24T17:46:18Z",
"published": "2022-05-24T17:46:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1765"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-03"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212147"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2021-1765
Vulnerability from fkie_nvd - Published: 2021-04-02 18:15 - Updated: 2024-11-21 05:45
Severity ?
Summary
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | macos | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| webkitgtk | webkitgtk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE2B03F-94EE-4E32-B366-FE31A7031403",
"versionEndExcluding": "10.14.6",
"versionStartIncluding": "10.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
"matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
"matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
"matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
"matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
"matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "2C88BD98-46F5-447F-963A-FB9B167E31BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
"matchCriteriaId": "C7A0615B-D958-4BBF-B53F-AA839A0FE845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0973F4-D921-4060-9384-43D176F26967",
"versionEndExcluding": "11.2",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77FB95B4-8279-4DB9-B98F-DCFB2A212668",
"versionEndExcluding": "2.30.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy."
},
{
"lang": "es",
"value": "Este problema es abordado con una aplicaci\u00f3n del sandbox de iframe mejorada.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave.\u0026#xa0;El contenido web dise\u00f1ado maliciosamente puede violar la pol\u00edtica de sandboxing de iframe."
}
],
"id": "CVE-2021-1765",
"lastModified": "2024-11-21T05:45:03.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-02T18:15:20.387",
"references": [
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202104-03"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202104-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212147"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-1765
Vulnerability from osv_almalinux
Published
2021-11-09 09:15
Modified
2021-11-12 10:21
Summary
Moderate: GNOME security, bug fix, and enhancement update
Details
GNOME is the default desktop environment of AlmaLinux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
-
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
-
LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
-
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
-
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
-
webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
-
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
-
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
-
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
-
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
-
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
-
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
-
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
-
webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
-
webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
-
webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
-
webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
-
webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
-
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
-
webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
-
webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
-
webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
-
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
-
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "LibRaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.5-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "LibRaw-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.5-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gdm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:40.0-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-autoar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-calculator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-classic-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-control-center"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-28.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-control-center-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-28.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-online-accounts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-online-accounts-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-kiosk-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-wayland-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-xsession"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-settings-daemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-16.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-40.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-apps-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-auto-move-windows"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-dash-to-dock"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-desktop-icons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-disable-screenshield"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-drive-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-gesture-inhibitor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-horizontal-workspaces"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-launch-new-instance"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-native-window-placement"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-no-hot-corner"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-panel-favorites"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-places-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-screenshot-window-sizer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-systemMonitor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-top-icons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-updates-dialog"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-user-theme"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-window-grouper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-window-list"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-windowsNavigator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-workspace-indicator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-software"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.36.1-10.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-software-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.36.1-10.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gsettings-desktop-schemas"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gsettings-desktop-schemas-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk-update-icon-cache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3-immodule-xim"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mutter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-60.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mutter-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-60.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vino"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.0-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GNOME is the default desktop environment of AlmaLinux.\n\nThe following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)\n\n* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n* webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)\n\n* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n* webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n* webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n* webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n* webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)\n\n* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)\n\n* webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)\n\n* webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)\n\n* webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:4381",
"modified": "2021-11-12T10:21:01Z",
"published": "2021-11-09T09:15:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-4381.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-13558"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-24870"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-27918"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-29623"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36241"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1765"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1788"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1789"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1799"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1801"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1844"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1870"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1871"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21775"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21779"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21806"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-28650"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30663"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30665"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30682"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30689"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30720"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30734"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30744"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30749"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30758"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30795"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30797"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30799"
}
],
"related": [
"CVE-2020-13558",
"CVE-2020-24870",
"CVE-2020-27918",
"CVE-2021-1765",
"CVE-2021-1788",
"CVE-2021-1789",
"CVE-2021-1799",
"CVE-2021-1801",
"CVE-2021-1844",
"CVE-2021-1870",
"CVE-2021-1871",
"CVE-2021-21775",
"CVE-2021-21779",
"CVE-2021-21806",
"CVE-2021-30663",
"CVE-2021-30665",
"CVE-2021-30682",
"CVE-2021-30689",
"CVE-2021-30720",
"CVE-2021-30734",
"CVE-2021-30744",
"CVE-2021-30749",
"CVE-2021-30758",
"CVE-2021-30795",
"CVE-2021-30797",
"CVE-2021-30799",
"CVE-2020-29623",
"CVE-2020-36241",
"CVE-2020-36241",
"CVE-2021-28650"
],
"summary": "Moderate: GNOME security, bug fix, and enhancement update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…