Vulnerability-Lookup

CVE-2021-30663 (GCVE-0-2021-30663)

Vulnerability from cvelistv5 – Published: 2021-09-08 14:49 – Updated: 2025-10-21 23:25

Summary

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT212532	x_refsource_MISC
	https://support.apple.com/en-us/HT212534	x_refsource_MISC
	https://support.apple.com/en-us/HT212341	x_refsource_MISC
	https://support.apple.com/en-us/HT212335	x_refsource_MISC
	https://support.apple.com/en-us/HT212336	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

macOS

Affected: unspecified , < 11.3 (custom)

Apple	macOS	Affected: unspecified , < 14.5 (custom)
Apple	macOS	Affected: unspecified , < 12.5 (custom)
Apple	macOS	Affected: unspecified , < 14.6 (custom)
Apple	macOS	Affected: unspecified , < 14.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:40:32.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212532"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212534"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212341"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212335"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212336"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-30663",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T16:23:07.360860Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:34.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2021-30663 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-08T14:49:41.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212532"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212534"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212341"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212335"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212336"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30663",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "12.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212532",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212532"
            },
            {
              "name": "https://support.apple.com/en-us/HT212534",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212534"
            },
            {
              "name": "https://support.apple.com/en-us/HT212341",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212341"
            },
            {
              "name": "https://support.apple.com/en-us/HT212335",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212335"
            },
            {
              "name": "https://support.apple.com/en-us/HT212336",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212336"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-30663",
    "datePublished": "2021-09-08T14:49:41.000Z",
    "dateReserved": "2021-04-13T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:34.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-30663",
      "cwes": "[\"CWE-20\", \"CWE-190\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-30663",
      "product": "Multiple Products",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple Multiple Products WebKit Integer Overflow Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT212532\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT212534\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT212341\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT212335\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT212336\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T22:40:32.148Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-30663\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T16:23:07.360860Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2021-30663 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T13:57:58.013Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"11.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"12.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.1\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT212532\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.apple.com/en-us/HT212534\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.apple.com/en-us/HT212341\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.apple.com/en-us/HT212335\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.apple.com/en-us/HT212336\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Processing maliciously crafted web content may lead to arbitrary code execution\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2021-09-08T14:49:41.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"11.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"macOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"14.5\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"macOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"12.5\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"macOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"14.6\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"macOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"14.1\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"macOS\"}]}, \"vendor_name\": \"Apple\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://support.apple.com/en-us/HT212532\", \"name\": \"https://support.apple.com/en-us/HT212532\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.apple.com/en-us/HT212534\", \"name\": \"https://support.apple.com/en-us/HT212534\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.apple.com/en-us/HT212341\", \"name\": \"https://support.apple.com/en-us/HT212341\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.apple.com/en-us/HT212335\", \"name\": \"https://support.apple.com/en-us/HT212335\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.apple.com/en-us/HT212336\", \"name\": \"https://support.apple.com/en-us/HT212336\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Processing maliciously crafted web content may lead to arbitrary code execution\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-30663\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"product-security@apple.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-30663\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:25:34.065Z\", \"dateReserved\": \"2021-04-13T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2021-09-08T14:49:41.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2021-30663

Vulnerability from fkie_nvd - Published: 2021-09-08 15:15 - Updated: 2025-10-23 14:55

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT212335	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212336	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212341	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212532	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212534	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212335	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212336	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212341	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212532	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212534	Release Notes, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
apple	safari	*
apple	ipados	*
apple	iphone_os	*
apple	iphone_os	*
apple	macos	*
apple	tvos	*

JSON

To clipboard

{
  "cisaActionDue": "2021-11-17",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Apple Multiple Products WebKit Integer Overflow Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDA8CE0-8F2C-4FA7-91F8-A720F56EBC5D",
              "versionEndExcluding": "14.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BD9C02-08C2-45A2-BC2C-A19111C293F3",
              "versionEndExcluding": "14.5.1",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "443BF1FD-EC67-437D-A9CA-EEB3EF25B701",
              "versionEndExcluding": "12.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBBD83AD-8615-422B-AE3E-39D4AB86D8FC",
              "versionEndExcluding": "14.5.1",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14B2F397-655E-44C5-B9A3-8C4435675F42",
              "versionEndExcluding": "11.3.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9076D8C8-70CD-4DE5-8BAE-8CA6A5BEDDB3",
              "versionEndExcluding": "14.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un desbordamiento de enteros con una comprobaci\u00f3n de entrada mejorada. Este problema es corregido en iOS versi\u00f3n 14.5.1 y iPadOS versi\u00f3n 14.5.1, tvOS versi\u00f3n 14.6, iOS versi\u00f3n 12.5.3, Safari versi\u00f3n 14.1.1, macOS Big Sur versi\u00f3n 11.3.1. El procesamiento de contenido web maliciosamente dise\u00f1ado puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario"
    }
  ],
  "id": "CVE-2021-30663",
  "lastModified": "2025-10-23T14:55:43.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-09-08T15:15:13.413",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212335"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212336"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212341"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212532"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212534"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2021-AVI-336

Vulnerability from certfr_avis - Published: 2021-05-04 - Updated: 2021-05-04

De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Big Sur versions antérieures à 11.3.1
Apple	N/A	iOS versions antérieures à 14.5.1
Apple	N/A	watchOS versions antérieures à 7.4.1
Apple	N/A	iPadOS versions antérieures à 14.5.1
Apple	N/A	iOS versions antérieures à 12.5.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212341 du 03 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212336 du 03 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212335 du 03 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212339 du 03 mai 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.3.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 14.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 14.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 12.5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30666"
    },
    {
      "name": "CVE-2021-30663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30663"
    },
    {
      "name": "CVE-2021-30661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"
    },
    {
      "name": "CVE-2021-30665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30665"
    }
  ],
  "initial_release_date": "2021-05-04T00:00:00",
  "last_revision_date": "2021-05-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-336",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212341 du 03 mai 2021",
      "url": "https://support.apple.com/fr-fr/HT212341"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212336 du 03 mai 2021",
      "url": "https://support.apple.com/fr-fr/HT212336"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212335 du 03 mai 2021",
      "url": "https://support.apple.com/fr-fr/HT212335"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212339 du 03 mai 2021",
      "url": "https://support.apple.com/fr-fr/HT212339"
    }
  ]
}

CERTFR-2021-AVI-345

Vulnerability from certfr_avis - Published: 2021-05-05 - Updated: 2021-05-05

De multiples vulnérabilités ont été découvertes dans Apple Safari. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	Safari	Apple Safari versions antérieures à 14.1 sans le correctif du 26 avril 2021

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212340 du 04 mai 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 14.1 sans le correctif du 26 avril 2021",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30663"
    },
    {
      "name": "CVE-2021-30665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30665"
    }
  ],
  "initial_release_date": "2021-05-05T00:00:00",
  "last_revision_date": "2021-05-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-345",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Safari. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212340 du 04 mai 2021",
      "url": "https://support.apple.com/en-us/HT212340"
    }
  ]
}

CERTFR-2021-AVI-398

Vulnerability from certfr_avis - Published: 2021-05-25 - Updated: 2021-05-25

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 14.1.1
Apple	macOS	macOS Big Sur versions antérieures à 11.4
Apple	macOS	macOS Catalina versions sans la mise à jour 2021-003
Apple	N/A	iPadOS versions antérieures à 14.6
Apple	N/A	tvOS versions antérieures à 14.6
Apple	N/A	watchOS versions antérieures à 7.5
Apple	macOS	macOS Mojave versions sans la mise à jour 2021-004
Apple	N/A	iOS versions antérieures à 14.6

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212534 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212528 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212531 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212533 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212530 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212529 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212532 du 24 mai 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.1.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions sans la mise \u00e0 jour 2021-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions sans la mise \u00e0 jour 2021-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30678"
    },
    {
      "name": "CVE-2021-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30715"
    },
    {
      "name": "CVE-2021-30724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30724"
    },
    {
      "name": "CVE-2021-30668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30668"
    },
    {
      "name": "CVE-2020-36230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36230"
    },
    {
      "name": "CVE-2021-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30681"
    },
    {
      "name": "CVE-2020-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36221"
    },
    {
      "name": "CVE-2021-30667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30667"
    },
    {
      "name": "CVE-2021-30722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30722"
    },
    {
      "name": "CVE-2021-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30684"
    },
    {
      "name": "CVE-2021-30737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30737"
    },
    {
      "name": "CVE-2021-30708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30708"
    },
    {
      "name": "CVE-2020-36225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36225"
    },
    {
      "name": "CVE-2021-30701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30701"
    },
    {
      "name": "CVE-2021-30743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30743"
    },
    {
      "name": "CVE-2021-30726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30726"
    },
    {
      "name": "CVE-2021-30676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30676"
    },
    {
      "name": "CVE-2021-30671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30671"
    },
    {
      "name": "CVE-2020-36224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36224"
    },
    {
      "name": "CVE-2021-30692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30692"
    },
    {
      "name": "CVE-2021-30677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30677"
    },
    {
      "name": "CVE-2021-30714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30714"
    },
    {
      "name": "CVE-2021-30702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30702"
    },
    {
      "name": "CVE-2021-30727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30727"
    },
    {
      "name": "CVE-2021-21779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21779"
    },
    {
      "name": "CVE-2021-1884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1884"
    },
    {
      "name": "CVE-2020-36228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36228"
    },
    {
      "name": "CVE-2020-36227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36227"
    },
    {
      "name": "CVE-2021-30723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30723"
    },
    {
      "name": "CVE-2021-30729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30729"
    },
    {
      "name": "CVE-2021-30719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30719"
    },
    {
      "name": "CVE-2021-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30696"
    },
    {
      "name": "CVE-2021-30712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30712"
    },
    {
      "name": "CVE-2021-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30688"
    },
    {
      "name": "CVE-2021-30739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30739"
    },
    {
      "name": "CVE-2021-30680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30680"
    },
    {
      "name": "CVE-2021-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30689"
    },
    {
      "name": "CVE-2021-30746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30746"
    },
    {
      "name": "CVE-2021-30744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30744"
    },
    {
      "name": "CVE-2020-36223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36223"
    },
    {
      "name": "CVE-2021-30669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30669"
    },
    {
      "name": "CVE-2021-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30699"
    },
    {
      "name": "CVE-2021-30728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30728"
    },
    {
      "name": "CVE-2021-30736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30736"
    },
    {
      "name": "CVE-2020-36229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36229"
    },
    {
      "name": "CVE-2021-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30695"
    },
    {
      "name": "CVE-2021-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30705"
    },
    {
      "name": "CVE-2021-30663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30663"
    },
    {
      "name": "CVE-2021-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30683"
    },
    {
      "name": "CVE-2021-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30691"
    },
    {
      "name": "CVE-2021-30725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30725"
    },
    {
      "name": "CVE-2021-30665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30665"
    },
    {
      "name": "CVE-2021-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30721"
    },
    {
      "name": "CVE-2021-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30693"
    },
    {
      "name": "CVE-2021-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30682"
    },
    {
      "name": "CVE-2021-30674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30674"
    },
    {
      "name": "CVE-2021-30694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30694"
    },
    {
      "name": "CVE-2021-1883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1883"
    },
    {
      "name": "CVE-2021-30673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30673"
    },
    {
      "name": "CVE-2021-30718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30718"
    },
    {
      "name": "CVE-2021-30713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30713"
    },
    {
      "name": "CVE-2021-30717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30717"
    },
    {
      "name": "CVE-2020-36226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36226"
    },
    {
      "name": "CVE-2021-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30687"
    },
    {
      "name": "CVE-2020-36222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36222"
    },
    {
      "name": "CVE-2021-30709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30709"
    },
    {
      "name": "CVE-2021-30690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30690"
    },
    {
      "name": "CVE-2021-30686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30686"
    },
    {
      "name": "CVE-2021-30716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30716"
    },
    {
      "name": "CVE-2021-30735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30735"
    },
    {
      "name": "CVE-2021-30679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30679"
    },
    {
      "name": "CVE-2021-30734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30734"
    },
    {
      "name": "CVE-2021-30697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30697"
    },
    {
      "name": "CVE-2021-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30698"
    },
    {
      "name": "CVE-2021-30720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30720"
    },
    {
      "name": "CVE-2021-30740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30740"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2021-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30685"
    },
    {
      "name": "CVE-2021-30738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30738"
    },
    {
      "name": "CVE-2021-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30749"
    },
    {
      "name": "CVE-2021-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30704"
    },
    {
      "name": "CVE-2021-30741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30741"
    },
    {
      "name": "CVE-2021-30707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30707"
    },
    {
      "name": "CVE-2021-30710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30710"
    },
    {
      "name": "CVE-2021-30700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30700"
    }
  ],
  "initial_release_date": "2021-05-25T00:00:00",
  "last_revision_date": "2021-05-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-398",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212534 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212534"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212528 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212528"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212531 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212531"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212533 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212533"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212530 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212530"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212529 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212532 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212532"
    }
  ]
}

CVE-2021-30663

Vulnerability from fstec - Published: 08.09.2021

Title

Уязвимость операционных систем iPadOS, tvOS, iOS, браузера Safari , вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость операционных систем iPadOS, tvOS, iOS, браузера Safari вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, Canonical Ltd., Red Hat Inc., Fedora Project, Novell Inc., Apple Inc., ООО «РусБИТех-Астра», АО "НППКТ"

Software Name

Debian GNU/Linux, Ubuntu, Red Hat Enterprise Linux, Fedora, OpenSUSE Leap, Safari, MacOS, iPadOS, iOS, tvOS, Astra Linux Special Edition (запись в едином реестре российских программ №369), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 33 (Fedora), 21.04 (Ubuntu), 34 (Fedora), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), до 14.1.1 (Safari), от 11.0 до 11.3.1 (MacOS), от 14.0 до 14.5.1 (iPadOS), от 14.0 до 14.5.1 (iOS), до 14.6 (tvOS), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: https://support.apple.com/en-us/HT212341 https://support.apple.com/en-us/HT212534 https://support.apple.com/en-us/HT212336 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212335 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-30663 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30663.xml Для Ubuntu https://ubuntu.com/security/CVE-2021-30663 Для Fedora: https://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org&q=CVE-2021-30663 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-30663 Для Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 Для ОСОН Основа: Обновление программного обеспечения webkit2gtk до версии 2.32.3-1~deb10u1

Reference

https://support.apple.com/en-us/HT212341 https://support.apple.com/en-us/HT212534 https://support.apple.com/en-us/HT212336 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212335 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., Red Hat Inc., Fedora Project, Novell Inc., Apple Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 33 (Fedora), 21.04 (Ubuntu), 34 (Fedora), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), \u0434\u043e 14.1.1 (Safari), \u043e\u0442 11.0 \u0434\u043e 11.3.1 (MacOS), \u043e\u0442 14.0 \u0434\u043e 14.5.1 (iPadOS), \u043e\u0442 14.0 \u0434\u043e 14.5.1 (iOS), \u0434\u043e 14.6 (tvOS), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.apple.com/en-us/HT212341\nhttps://support.apple.com/en-us/HT212534\nhttps://support.apple.com/en-us/HT212336\nhttps://support.apple.com/en-us/HT212532\nhttps://support.apple.com/en-us/HT212335\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-30663\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30663.xml\n\u0414\u043b\u044f Ubuntu\nhttps://ubuntu.com/security/CVE-2021-30663\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org\u0026q=CVE-2021-30663\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-30663\n\n\u0414\u043b\u044f Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.32.3-1~deb10u1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.09.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.10.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-05083",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-30663",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ubuntu, Red Hat Enterprise Linux, Fedora, OpenSUSE Leap, Safari, MacOS, iPadOS, iOS, tvOS, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Fedora Project Fedora 33 , Canonical Ltd. Ubuntu 21.04 , Fedora Project Fedora 34 , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Apple Inc. MacOS \u043e\u0442 11.0 \u0434\u043e 11.3.1 , Apple Inc. iPadOS \u043e\u0442 14.0 \u0434\u043e 14.5.1 , Apple Inc. iOS \u043e\u0442 14.0 \u0434\u043e 14.5.1 , Apple Inc. tvOS \u0434\u043e 14.6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iPadOS, tvOS, iOS, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari , \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iPadOS, tvOS, iOS, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.apple.com/en-us/HT212341\nhttps://support.apple.com/en-us/HT212534\nhttps://support.apple.com/en-us/HT212336\nhttps://support.apple.com/en-us/HT212532\nhttps://support.apple.com/en-us/HT212335\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

GHSA-5G93-PF3W-6F59

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2025-10-22 00:32

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-30663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.",
  "id": "GHSA-5g93-pf3w-6f59",
  "modified": "2025-10-22T00:32:19Z",
  "published": "2022-05-24T19:13:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30663"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212335"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212336"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212341"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212532"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212534"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2021-30663

Vulnerability from osv_almalinux

Published

2021-11-09 09:15

Modified

2021-11-12 10:21

Summary

Moderate: GNOME security, bug fix, and enhancement update

Details

GNOME is the default desktop environment of AlmaLinux.

The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)

Security Fix(es):

webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "LibRaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.19.5-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "LibRaw-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.19.5-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "accountsservice"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.55-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "accountsservice-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.55-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "accountsservice-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.55-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gdm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:40.0-15.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-autoar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-calculator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.2-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-classic-session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-control-center"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.2-28.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-control-center-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.2-28.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-online-accounts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.2-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-online-accounts-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.2-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.1-13.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-session-kiosk-session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.1-13.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-session-wayland-session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.1-13.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-session-xsession"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.1-13.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-settings-daemon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.0-16.el8.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.2-40.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-apps-menu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-auto-move-windows"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-dash-to-dock"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-desktop-icons"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-disable-screenshield"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-drive-menu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-gesture-inhibitor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-horizontal-workspaces"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-launch-new-instance"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-native-window-placement"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-no-hot-corner"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-panel-favorites"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-places-menu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-screenshot-window-sizer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-systemMonitor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-top-icons"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-updates-dialog"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-user-theme"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-window-grouper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-window-list"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-windowsNavigator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell-extension-workspace-indicator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.1-20.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-software"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.36.1-10.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-software-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.36.1-10.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gsettings-desktop-schemas"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.0-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gsettings-desktop-schemas-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.0-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gtk-update-icon-cache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.22.30-8.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.22.30-8.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.22.30-8.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gtk3-immodule-xim"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.22.30-8.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mutter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.2-60.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mutter-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.2-60.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "vino"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.22.0-11.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.32.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.32.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.32.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.32.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "GNOME is the default desktop environment of AlmaLinux.\n\nThe following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)\n\n* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n* webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)\n\n* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n* webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n* webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n* webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n* webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)\n\n* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)\n\n* webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)\n\n* webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)\n\n* webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2021:4381",
  "modified": "2021-11-12T10:21:01Z",
  "published": "2021-11-09T09:15:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2021-4381.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-13558"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-24870"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-27918"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-29623"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-36241"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-1765"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-1788"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-1789"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-1799"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-1801"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-1844"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-1870"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-1871"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-21775"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-21779"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-21806"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-28650"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30663"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30665"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30682"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30689"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30720"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30734"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30744"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30749"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30758"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30795"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30797"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30799"
    }
  ],
  "related": [
    "CVE-2020-13558",
    "CVE-2020-24870",
    "CVE-2020-27918",
    "CVE-2021-1765",
    "CVE-2021-1788",
    "CVE-2021-1789",
    "CVE-2021-1799",
    "CVE-2021-1801",
    "CVE-2021-1844",
    "CVE-2021-1870",
    "CVE-2021-1871",
    "CVE-2021-21775",
    "CVE-2021-21779",
    "CVE-2021-21806",
    "CVE-2021-30663",
    "CVE-2021-30665",
    "CVE-2021-30682",
    "CVE-2021-30689",
    "CVE-2021-30720",
    "CVE-2021-30734",
    "CVE-2021-30744",
    "CVE-2021-30749",
    "CVE-2021-30758",
    "CVE-2021-30795",
    "CVE-2021-30797",
    "CVE-2021-30799",
    "CVE-2020-29623",
    "CVE-2020-36241",
    "CVE-2020-36241",
    "CVE-2021-28650"
  ],
  "summary": "Moderate: GNOME security, bug fix, and enhancement update"
}

GSD-2021-30663

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-30663

Aliases

CVE-2021-30663

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30663",
    "description": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.",
    "id": "GSD-2021-30663",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-30663.html",
      "https://www.debian.org/security/2021/dsa-4945",
      "https://access.redhat.com/errata/RHSA-2021:4381",
      "https://ubuntu.com/security/CVE-2021-30663",
      "https://advisories.mageia.org/CVE-2021-30663.html",
      "https://security.archlinux.org/CVE-2021-30663",
      "https://linux.oracle.com/cve/CVE-2021-30663.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30663"
      ],
      "details": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.",
      "id": "GSD-2021-30663",
      "modified": "2023-12-13T01:23:31.988354Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-30663",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "product": "Safari",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Integer overflow. Processing maliciously crafted web content may lead to arbitrary code execution.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple Safari Webkit Browser Engine Integer Overflow Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-30663",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212532",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212532"
          },
          {
            "name": "https://support.apple.com/en-us/HT212534",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212534"
          },
          {
            "name": "https://support.apple.com/en-us/HT212341",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212341"
          },
          {
            "name": "https://support.apple.com/en-us/HT212335",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212335"
          },
          {
            "name": "https://support.apple.com/en-us/HT212336",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212336"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2021-11-17",
        "cisaExploitAdd": "2021-11-03",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Apple Multiple Products Integer Overflow Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "38C24205-D2E5-4354-B48F-A690D94DCCC7",
                    "versionEndExcluding": "11.3.1",
                    "versionStartIncluding": "11.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FFDA8CE0-8F2C-4FA7-91F8-A720F56EBC5D",
                    "versionEndExcluding": "14.1.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "35BD9C02-08C2-45A2-BC2C-A19111C293F3",
                    "versionEndExcluding": "14.5.1",
                    "versionStartIncluding": "14.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "443BF1FD-EC67-437D-A9CA-EEB3EF25B701",
                    "versionEndExcluding": "12.5.3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EBBD83AD-8615-422B-AE3E-39D4AB86D8FC",
                    "versionEndExcluding": "14.5.1",
                    "versionStartIncluding": "14.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9076D8C8-70CD-4DE5-8BAE-8CA6A5BEDDB3",
                    "versionEndExcluding": "14.6",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution."
          },
          {
            "lang": "es",
            "value": "Se abord\u00f3 un desbordamiento de enteros con una comprobaci\u00f3n de entrada mejorada. Este problema es corregido en iOS versi\u00f3n 14.5.1 y iPadOS versi\u00f3n 14.5.1, tvOS versi\u00f3n 14.6, iOS versi\u00f3n 12.5.3, Safari versi\u00f3n 14.1.1, macOS Big Sur versi\u00f3n 11.3.1. El procesamiento de contenido web maliciosamente dise\u00f1ado puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario"
          }
        ],
        "id": "CVE-2021-30663",
        "lastModified": "2024-02-02T03:08:37.943",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-09-08T15:15:13.413",
        "references": [
          {
            "source": "product-security@apple.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT212335"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT212336"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT212341"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT212532"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT212534"
          }
        ],
        "sourceIdentifier": "product-security@apple.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-190"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30663 (GCVE-0-2021-30663)

Solution

Solution

Solution

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature