Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-30799 (GCVE-0-2021-30799)
Vulnerability from cvelistv5 – Published: 2021-09-08 13:38 – Updated: 2024-08-03 22:40
VLAI?
EPSS
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:40:32.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Update - Catalina",
"vendor": "Apple",
"versions": [
{
"lessThan": "2021",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2021",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T13:38:58.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-30799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Update - Catalina",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.7"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.5"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212601",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212601"
},
{
"name": "https://support.apple.com/en-us/HT212602",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212602"
},
{
"name": "https://support.apple.com/en-us/HT212600",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212600"
},
{
"name": "https://support.apple.com/en-us/HT212603",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-30799",
"datePublished": "2021-09-08T13:38:58.000Z",
"dateReserved": "2021-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:40:32.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-RH3C-99Q9-27V6
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI?
Details
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2021-30799"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-08T14:15:00Z",
"severity": "HIGH"
},
"details": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-rh3c-99q9-27v6",
"modified": "2022-05-24T19:13:41Z",
"published": "2022-05-24T19:13:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30799"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212600"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212601"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212602"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212603"
}
],
"schema_version": "1.4.0",
"severity": []
}
CVE-2021-30799
Vulnerability from fstec - Published: 09.07.2021
VLAI Severity ?
Title
Уязвимость модулей отображения веб-страниц WebKitGTK, WPE WebKit, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Description
Уязвимость модулей отображения веб-страниц WebKitGTK, WPE WebKit связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании с помощью вредоносного веб-контента
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО "НППКТ"
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), WebKitGTK, WPE WebKit, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
9 (Debian GNU/Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), до 2.32.3 (WebKitGTK), до 2.32.3 (WPE WebKit), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx)
Possible Mitigations
Для WebKitGTK:
использование рекомендаций производителя: https://webkitgtk.org/security/WSA-2021-0004.html
Для ОС Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-30799
Для Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для ОСОН Основа:
Обновление программного обеспечения webkit2gtk до версии 2.32.3-1~deb10u1
Reference
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
https://security-tracker.debian.org/tracker/CVE-2021-30799
https://webkitgtk.org/security/WSA-2021-0004.html
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), \u0434\u043e 2.32.3 (WebKitGTK), \u0434\u043e 2.32.3 (WPE WebKit), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f WebKitGTK:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://webkitgtk.org/security/WSA-2021-0004.html\n\n\u0414\u043b\u044f \u041e\u0421 Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-30799\n\n\u0414\u043b\u044f Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.32.3-1~deb10u1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.07.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.01.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-00210",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-30799",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), WebKitGTK, WPE WebKit, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK, WPE WebKit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK, WPE WebKit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2021-30799\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30799\nhttps://security-tracker.debian.org/tracker/CVE-2021-30799\nhttps://webkitgtk.org/security/WSA-2021-0004.html\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
FKIE_CVE-2021-30799
Vulnerability from fkie_nvd - Published: 2021-09-08 14:15 - Updated: 2024-11-21 06:04
Severity ?
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.15.6 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | macos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AF02B7-BF1F-483A-BA47-9B5B92AF1D29",
"versionEndExcluding": "14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB29E85-E401-4492-973C-B3116ECDDE36",
"versionEndIncluding": "10.14.6",
"versionStartIncluding": "10.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
"matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
"matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
"matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
"matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "A4A6BF78-B772-435C-AC1A-2199027CCF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-003:*:*:*:*:*:*",
"matchCriteriaId": "9A233DE4-D09A-4157-B852-E675889DD4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-004:*:*:*:*:*:*",
"matchCriteriaId": "C5B08C18-E0B5-4036-824E-4A3FCB518200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "2C88BD98-46F5-447F-963A-FB9B167E31BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
"matchCriteriaId": "C7A0615B-D958-4BBF-B53F-AA839A0FE845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.6:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "2E5A4D99-706D-4B12-9D41-13A480B3DF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE66C45C-B3D7-444B-AE70-8EF7A380295E",
"versionEndExcluding": "11.5",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de la memoria con una administraci\u00f3n de memoria mejorada. Este problema se corrigi\u00f3 en iOS versi\u00f3n 14.7, macOS Big Sur versi\u00f3n 11.5, Security Update 2021-004 Catalina y Security Update 2021-005 Mojave. El procesamiento de contenido web dise\u00f1ado maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-30799",
"lastModified": "2024-11-21T06:04:44.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-08T14:15:11.793",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212600"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212601"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212602"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212603"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2021-30799
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-30799",
"description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GSD-2021-30799",
"references": [
"https://www.suse.com/security/cve/CVE-2021-30799.html",
"https://www.debian.org/security/2021/dsa-4945",
"https://access.redhat.com/errata/RHSA-2021:4381",
"https://ubuntu.com/security/CVE-2021-30799",
"https://advisories.mageia.org/CVE-2021-30799.html",
"https://security.archlinux.org/CVE-2021-30799",
"https://linux.oracle.com/cve/CVE-2021-30799.html",
"https://packetstormsecurity.com/files/cve/CVE-2021-30799"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-30799"
],
"details": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GSD-2021-30799",
"modified": "2023-12-13T01:23:30.631288Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-30799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Update - Catalina",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.7"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.5"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2021"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212601",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212601"
},
{
"name": "https://support.apple.com/en-us/HT212602",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212602"
},
{
"name": "https://support.apple.com/en-us/HT212600",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212600"
},
{
"name": "https://support.apple.com/en-us/HT212603",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212603"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.14.6",
"versionStartIncluding": "10.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.6:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.5",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-30799"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212602",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212602"
},
{
"name": "https://support.apple.com/en-us/HT212603",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212603"
},
{
"name": "https://support.apple.com/en-us/HT212600",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212600"
},
{
"name": "https://support.apple.com/en-us/HT212601",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212601"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-09-15T19:45Z",
"publishedDate": "2021-09-08T14:15Z"
}
}
}
CERTFR-2021-AVI-562
Vulnerability from certfr_avis - Published: 2021-07-22 - Updated: 2021-07-22
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 2021-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave versions ant\u00e9rieures \u00e0 2021-005",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30784"
},
{
"name": "CVE-2021-30799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30799"
},
{
"name": "CVE-2021-30672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30672"
},
{
"name": "CVE-2021-30765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30765"
},
{
"name": "CVE-2021-30731",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30731"
},
{
"name": "CVE-2021-30792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30792"
},
{
"name": "CVE-2018-25014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25014"
},
{
"name": "CVE-2021-30787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30787"
},
{
"name": "CVE-2021-30782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30782"
},
{
"name": "CVE-2021-30800",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30800"
},
{
"name": "CVE-2021-30733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30733"
},
{
"name": "CVE-2021-30766",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30766"
},
{
"name": "CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"name": "CVE-2021-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30774"
},
{
"name": "CVE-2021-30778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30778"
},
{
"name": "CVE-2021-30763",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30763"
},
{
"name": "CVE-2021-30776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30776"
},
{
"name": "CVE-2021-30677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30677"
},
{
"name": "CVE-2021-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30775"
},
{
"name": "CVE-2021-30789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30789"
},
{
"name": "CVE-2021-30759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30759"
},
{
"name": "CVE-2018-25010",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25010"
},
{
"name": "CVE-2021-30748",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30748"
},
{
"name": "CVE-2021-30796",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30796"
},
{
"name": "CVE-2021-30791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30791"
},
{
"name": "CVE-2021-30770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30770"
},
{
"name": "CVE-2021-30797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30797"
},
{
"name": "CVE-2021-30788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30788"
},
{
"name": "CVE-2021-30790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30790"
},
{
"name": "CVE-2021-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30703"
},
{
"name": "CVE-2021-30772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30772"
},
{
"name": "CVE-2021-30781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30781"
},
{
"name": "CVE-2021-30773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30773"
},
{
"name": "CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"name": "CVE-2021-30758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30758"
},
{
"name": "CVE-2021-30803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30803"
},
{
"name": "CVE-2021-30798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30798"
},
{
"name": "CVE-2021-30769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30769"
},
{
"name": "CVE-2021-30760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30760"
},
{
"name": "CVE-2021-30785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30785"
},
{
"name": "CVE-2021-30780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30780"
},
{
"name": "CVE-2020-36330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36330"
},
{
"name": "CVE-2021-30793",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30793"
},
{
"name": "CVE-2021-30779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30779"
},
{
"name": "CVE-2021-30805",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30805"
},
{
"name": "CVE-2021-30786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30786"
},
{
"name": "CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"name": "CVE-2021-30804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30804"
},
{
"name": "CVE-2021-30795",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30795"
},
{
"name": "CVE-2021-30777",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30777"
},
{
"name": "CVE-2020-36331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36331"
},
{
"name": "CVE-2021-30768",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30768"
},
{
"name": "CVE-2021-30802",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30802"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2021-30783",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30783"
}
],
"initial_release_date": "2021-07-22T00:00:00",
"last_revision_date": "2021-07-22T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-562",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212601 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212600 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212602 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212603 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212603"
}
]
}
cve-2021-30799
Vulnerability from osv_almalinux
Published
2021-11-09 09:15
Modified
2021-11-12 10:21
Summary
Moderate: GNOME security, bug fix, and enhancement update
Details
GNOME is the default desktop environment of AlmaLinux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
-
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
-
LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
-
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
-
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
-
webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
-
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
-
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
-
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
-
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
-
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
-
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
-
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
-
webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
-
webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
-
webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
-
webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
-
webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
-
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
-
webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
-
webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
-
webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
-
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
-
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "LibRaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.5-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "LibRaw-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.5-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gdm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:40.0-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-autoar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-calculator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-classic-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-control-center"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-28.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-control-center-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-28.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-online-accounts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-online-accounts-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-kiosk-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-wayland-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-xsession"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-settings-daemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-16.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-40.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-apps-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-auto-move-windows"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-dash-to-dock"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-desktop-icons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-disable-screenshield"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-drive-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-gesture-inhibitor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-horizontal-workspaces"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-launch-new-instance"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-native-window-placement"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-no-hot-corner"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-panel-favorites"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-places-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-screenshot-window-sizer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-systemMonitor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-top-icons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-updates-dialog"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-user-theme"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-window-grouper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-window-list"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-windowsNavigator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-workspace-indicator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-software"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.36.1-10.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-software-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.36.1-10.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gsettings-desktop-schemas"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gsettings-desktop-schemas-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk-update-icon-cache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3-immodule-xim"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mutter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-60.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mutter-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-60.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vino"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.0-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GNOME is the default desktop environment of AlmaLinux.\n\nThe following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)\n\n* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n* webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)\n\n* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n* webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n* webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n* webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n* webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)\n\n* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)\n\n* webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)\n\n* webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)\n\n* webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:4381",
"modified": "2021-11-12T10:21:01Z",
"published": "2021-11-09T09:15:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-4381.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-13558"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-24870"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-27918"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-29623"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36241"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1765"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1788"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1789"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1799"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1801"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1844"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1870"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1871"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21775"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21779"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21806"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-28650"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30663"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30665"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30682"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30689"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30720"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30734"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30744"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30749"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30758"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30795"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30797"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30799"
}
],
"related": [
"CVE-2020-13558",
"CVE-2020-24870",
"CVE-2020-27918",
"CVE-2021-1765",
"CVE-2021-1788",
"CVE-2021-1789",
"CVE-2021-1799",
"CVE-2021-1801",
"CVE-2021-1844",
"CVE-2021-1870",
"CVE-2021-1871",
"CVE-2021-21775",
"CVE-2021-21779",
"CVE-2021-21806",
"CVE-2021-30663",
"CVE-2021-30665",
"CVE-2021-30682",
"CVE-2021-30689",
"CVE-2021-30720",
"CVE-2021-30734",
"CVE-2021-30744",
"CVE-2021-30749",
"CVE-2021-30758",
"CVE-2021-30795",
"CVE-2021-30797",
"CVE-2021-30799",
"CVE-2020-29623",
"CVE-2020-36241",
"CVE-2020-36241",
"CVE-2021-28650"
],
"summary": "Moderate: GNOME security, bug fix, and enhancement update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…