Vulnerability-Lookup

CVE-2021-30887 (GCVE-0-2021-30887)

Vulnerability from cvelistv5 – Published: 2021-08-24 18:49 – Updated: 2024-08-03 22:48

Summary

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT212869	x_refsource_MISC
	https://support.apple.com/en-us/HT212867	x_refsource_MISC
	https://support.apple.com/en-us/HT212874	x_refsource_MISC
	https://support.apple.com/en-us/HT212876	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/12/20/6	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2021/dsa-5030	vendor-advisoryx_refsource_DEBIAN
	https://www.debian.org/security/2021/dsa-5031	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Affected: unspecified , < 15.1 (custom)

Apple	macOS	Affected: unspecified , < 12.0 (custom)
Apple	macOS	Affected: unspecified , < 8.1 (custom)
Apple	macOS	Affected: unspecified , < 15.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:48:13.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212869"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212867"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212874"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212876"
          },
          {
            "name": "[oss-security] 20211220 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
          },
          {
            "name": "DSA-5030",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5030"
          },
          {
            "name": "DSA-5031",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5031"
          },
          {
            "name": "FEDORA-2022-25a98f5d55",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/"
          },
          {
            "name": "FEDORA-2022-f7366e60cb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "8.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-06T03:06:19.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212869"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212867"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212874"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212876"
        },
        {
          "name": "[oss-security] 20211220 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
        },
        {
          "name": "DSA-5030",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5030"
        },
        {
          "name": "DSA-5031",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5031"
        },
        {
          "name": "FEDORA-2022-25a98f5d55",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/"
        },
        {
          "name": "FEDORA-2022-f7366e60cb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30887",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS and iPadOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "12.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212869",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212869"
            },
            {
              "name": "https://support.apple.com/en-us/HT212867",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212867"
            },
            {
              "name": "https://support.apple.com/en-us/HT212874",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212874"
            },
            {
              "name": "https://support.apple.com/en-us/HT212876",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212876"
            },
            {
              "name": "[oss-security] 20211220 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
            },
            {
              "name": "DSA-5030",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5030"
            },
            {
              "name": "DSA-5031",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5031"
            },
            {
              "name": "FEDORA-2022-25a98f5d55",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/"
            },
            {
              "name": "FEDORA-2022-f7366e60cb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-30887",
    "datePublished": "2021-08-24T18:49:51.000Z",
    "dateReserved": "2021-04-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T22:48:13.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2021-30887

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-30887

Aliases

CVE-2021-30887

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30887",
    "description": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.",
    "id": "GSD-2021-30887",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-30887.html",
      "https://www.debian.org/security/2021/dsa-5030",
      "https://www.debian.org/security/2021/dsa-5031",
      "https://ubuntu.com/security/CVE-2021-30887",
      "https://advisories.mageia.org/CVE-2021-30887.html",
      "https://linux.oracle.com/cve/CVE-2021-30887.html",
      "https://access.redhat.com/errata/RHSA-2022:1777"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30887"
      ],
      "details": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.",
      "id": "GSD-2021-30887",
      "modified": "2023-12-13T01:23:31.059266Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-30887",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212869",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212869"
          },
          {
            "name": "https://support.apple.com/en-us/HT212867",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212867"
          },
          {
            "name": "https://support.apple.com/en-us/HT212874",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212874"
          },
          {
            "name": "https://support.apple.com/en-us/HT212876",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212876"
          },
          {
            "name": "[oss-security] 20211220 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
          },
          {
            "name": "DSA-5030",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-5030"
          },
          {
            "name": "DSA-5031",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-5031"
          },
          {
            "name": "FEDORA-2022-25a98f5d55",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/"
          },
          {
            "name": "FEDORA-2022-f7366e60cb",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30887"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212876",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212876"
            },
            {
              "name": "https://support.apple.com/en-us/HT212874",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212874"
            },
            {
              "name": "https://support.apple.com/en-us/HT212869",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212869"
            },
            {
              "name": "https://support.apple.com/en-us/HT212867",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212867"
            },
            {
              "name": "[oss-security] 20211220 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
            },
            {
              "name": "DSA-5031",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5031"
            },
            {
              "name": "DSA-5030",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5030"
            },
            {
              "name": "FEDORA-2022-25a98f5d55",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/"
            },
            {
              "name": "FEDORA-2022-f7366e60cb",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-01-09T16:41Z",
      "publishedDate": "2021-08-24T19:15Z"
    }
  }
}

FKIE_CVE-2021-30887

Vulnerability from fkie_nvd - Published: 2021-08-24 19:15 - Updated: 2024-11-21 06:04

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	product-security@apple.com	http://www.openwall.com/lists/oss-security/2021/12/20/6
	product-security@apple.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/
	product-security@apple.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/
	product-security@apple.com	https://support.apple.com/en-us/HT212867
	product-security@apple.com	https://support.apple.com/en-us/HT212869
	product-security@apple.com	https://support.apple.com/en-us/HT212874
	product-security@apple.com	https://support.apple.com/en-us/HT212876
	product-security@apple.com	https://www.debian.org/security/2021/dsa-5030
	product-security@apple.com	https://www.debian.org/security/2021/dsa-5031
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/20/6
	af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/
	af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212867
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212869
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212874
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212876
	af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5030
	af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5031

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	tvos	*
apple	watchos	*
fedoraproject	fedora	34
fedoraproject	fedora	35
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B93FE038-6BF4-484E-8BBC-6F4332DCE045",
              "versionEndExcluding": "15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E11B095-8786-478A-A6BA-82DED207426B",
              "versionEndExcluding": "15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "579B2A0D-A84F-45C2-B545-35ECEA3297DA",
              "versionEndExcluding": "12.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A76BB8B-613D-46B7-80F8-83B6EF76F344",
              "versionEndExcluding": "15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82F66E5-A6BF-4D7A-8DCA-DD4C35723936",
              "versionEndExcluding": "8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema l\u00f3gico con restricciones mejoradas. Este problema se corrigi\u00f3 en macOS Monterey versi\u00f3n 12.0.1, iOS versi\u00f3n 15.1 y iPadOS versi\u00f3n 15.1, watchOS versi\u00f3n 8.1, tvOS versi\u00f3n 15.1. El procesamiento de contenido web dise\u00f1ado de forma maliciosa puede conllevar a una no aplicaci\u00f3n inesperada de la pol\u00edtica de seguridad de contenidos"
    }
  ],
  "id": "CVE-2021-30887",
  "lastModified": "2024-11-21T06:04:54.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-24T19:15:16.817",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212867"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212869"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212874"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212876"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://www.debian.org/security/2021/dsa-5030"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://www.debian.org/security/2021/dsa-5031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2021/dsa-5030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2021/dsa-5031"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-825

Vulnerability from certfr_avis - Published: 2021-10-27 - Updated: 2021-10-27

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 8.1
Apple	macOS	macOS Big Sur versions antérieures à 11.6.1
Apple	N/A	iOS et iPadOS versions antérieures à 14.8.1
Apple	N/A	tvOS versions antérieures à 15.1
Apple	macOS	macOS Catalina sans le correctif de sécurité 2021-007
Apple	N/A	iOS et iPadOS versions 15.x antérieures à 15.1
Apple	macOS	macOS Monterey versions antérieures à 12.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212874 du 25 octobre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212868 du 25 octobre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212871 du 25 octobre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212876 du 25 octobre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212872 du 25 octobre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212867 du 25 octobre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212869 du 25 octobre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 14.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 15.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-007",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions 15.x ant\u00e9rieures \u00e0 15.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.0.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30875"
    },
    {
      "name": "CVE-2021-30914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30914"
    },
    {
      "name": "CVE-2021-30909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30909"
    },
    {
      "name": "CVE-2021-30899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30899"
    },
    {
      "name": "CVE-2021-30892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30892"
    },
    {
      "name": "CVE-2021-30887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30887"
    },
    {
      "name": "CVE-2021-30895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30895"
    },
    {
      "name": "CVE-2021-30907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30907"
    },
    {
      "name": "CVE-2021-30861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30861"
    },
    {
      "name": "CVE-2021-30911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30911"
    },
    {
      "name": "CVE-2021-30833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30833"
    },
    {
      "name": "CVE-2021-30901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30901"
    },
    {
      "name": "CVE-2021-30823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30823"
    },
    {
      "name": "CVE-2021-30912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30912"
    },
    {
      "name": "CVE-2021-30896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30896"
    },
    {
      "name": "CVE-2021-30902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30902"
    },
    {
      "name": "CVE-2021-30888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30888"
    },
    {
      "name": "CVE-2021-30868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30868"
    },
    {
      "name": "CVE-2021-30864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30864"
    },
    {
      "name": "CVE-2021-30916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30916"
    },
    {
      "name": "CVE-2021-30834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30834"
    },
    {
      "name": "CVE-2021-30890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30890"
    },
    {
      "name": "CVE-2021-30879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30879"
    },
    {
      "name": "CVE-2021-30903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30903"
    },
    {
      "name": "CVE-2021-30880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30880"
    },
    {
      "name": "CVE-2021-30910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30910"
    },
    {
      "name": "CVE-2021-30886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30886"
    },
    {
      "name": "CVE-2021-30824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30824"
    },
    {
      "name": "CVE-2021-30908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30908"
    },
    {
      "name": "CVE-2021-30915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30915"
    },
    {
      "name": "CVE-2021-30906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30906"
    },
    {
      "name": "CVE-2021-30889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30889"
    },
    {
      "name": "CVE-2021-30813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30813"
    },
    {
      "name": "CVE-2021-30873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30873"
    },
    {
      "name": "CVE-2021-30917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30917"
    },
    {
      "name": "CVE-2021-30877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30877"
    },
    {
      "name": "CVE-2021-30920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30920"
    },
    {
      "name": "CVE-2021-30913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30913"
    },
    {
      "name": "CVE-2021-30918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30918"
    },
    {
      "name": "CVE-2021-30876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30876"
    },
    {
      "name": "CVE-2021-30905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30905"
    },
    {
      "name": "CVE-2021-30881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30881"
    },
    {
      "name": "CVE-2021-30821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30821"
    },
    {
      "name": "CVE-2021-30883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30883"
    },
    {
      "name": "CVE-2021-30894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30894"
    },
    {
      "name": "CVE-2021-30900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30900"
    },
    {
      "name": "CVE-2021-30919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30919"
    }
  ],
  "initial_release_date": "2021-10-27T00:00:00",
  "last_revision_date": "2021-10-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-825",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212874 du 25 octobre 2021",
      "url": "https://support.apple.com/fr-fr/HT212874"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212868 du 25 octobre 2021",
      "url": "https://support.apple.com/fr-fr/HT212868"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212871 du 25 octobre 2021",
      "url": "https://support.apple.com/fr-fr/HT212871"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212876 du 25 octobre 2021",
      "url": "https://support.apple.com/fr-fr/HT212876"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212872 du 25 octobre 2021",
      "url": "https://support.apple.com/fr-fr/HT212872"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212867 du 25 octobre 2021",
      "url": "https://support.apple.com/fr-fr/HT212867"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212869 du 25 octobre 2021",
      "url": "https://support.apple.com/fr-fr/HT212869"
    }
  ]
}

CERTFR-2021-AVI-827

Vulnerability from certfr_avis - Published: 2021-10-28 - Updated: 2021-10-28

De multiples vulnérabilités ont été découvertes dans Apple Safari. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	Safari	Safari versions antérieures à 15.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212875 du 27 octobre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 15.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30887"
    },
    {
      "name": "CVE-2021-30888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30888"
    },
    {
      "name": "CVE-2021-30890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30890"
    },
    {
      "name": "CVE-2021-30889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30889"
    }
  ],
  "initial_release_date": "2021-10-28T00:00:00",
  "last_revision_date": "2021-10-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-827",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Safari.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212875 du 27 octobre 2021",
      "url": "https://support.apple.com/fr-fr/HT212875"
    }
  ]
}

cve-2021-30887

Vulnerability from osv_almalinux

Published

2022-05-10 06:24

Modified

2022-05-10 08:00

Summary

Moderate: webkit2gtk3 security, bug fix, and enhancement update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). (BZ#1985042)

Security Fix(es):

webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)
webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)
webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)
webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)
webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)
webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)
webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)
webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)
webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)
webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)
webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)
webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)
webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)
webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)
webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)
webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.34.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.34.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.34.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.34.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nThe following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). (BZ#1985042)\n\nSecurity Fix(es):\n\n* webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)\n\n* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)\n\n* webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)\n\n* webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)\n\n* webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)\n\n* webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)\n\n* webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)\n\n* webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)\n\n* webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)\n\n* webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)\n\n* webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)\n\n* webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)\n\n* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)\n\n* webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)\n\n* webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)\n\n* webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:1777",
  "modified": "2022-05-10T08:00:31Z",
  "published": "2022-05-10T06:24:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-1777.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30809"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30818"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30823"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30836"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30846"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30848"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30849"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30851"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30884"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30887"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30888"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30889"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30890"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30897"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30934"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30936"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30951"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30952"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30953"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30954"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30984"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-45481"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-45482"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-45483"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22589"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22590"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22592"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22594"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22620"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22637"
    }
  ],
  "related": [
    "CVE-2022-22620",
    "CVE-2021-30809",
    "CVE-2021-30818",
    "CVE-2021-30823",
    "CVE-2021-30846",
    "CVE-2021-30848",
    "CVE-2021-30849",
    "CVE-2021-30851",
    "CVE-2021-30887",
    "CVE-2021-30888",
    "CVE-2021-30889",
    "CVE-2021-30890",
    "CVE-2021-30897",
    "CVE-2021-30934",
    "CVE-2021-30936",
    "CVE-2021-30951",
    "CVE-2021-30952",
    "CVE-2021-30953",
    "CVE-2021-30954",
    "CVE-2021-30984",
    "CVE-2021-45481",
    "CVE-2021-45482",
    "CVE-2021-45483",
    "CVE-2022-22589",
    "CVE-2022-22590",
    "CVE-2022-22592",
    "CVE-2022-22594",
    "CVE-2022-22637",
    "CVE-2021-30836",
    "CVE-2021-30884"
  ],
  "summary": "Moderate: webkit2gtk3 security, bug fix, and enhancement update"
}

CVE-2021-30887

Vulnerability from fstec - Published: 13.04.2021

Title

Уязвимость модуля отображения веб-страниц WPE WebKit, связанная с использованием недоверенного файла междоменной политики, позволяющая нарушителю оказать воздействие на целостность данных

Description

Уязвимость модуля отображения веб-страниц WPE WebKit связана с использованием недоверенного файла междоменной политики. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, оказать воздействие на целостность данных

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО "НППКТ"

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), WebKitGTK, WPE WebKit, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), до 2.34.3 (WebKitGTK), до 2.34.3 (WPE WebKit), 4.7 (Astra Linux Special Edition), до 2.4.2 (ОСОН ОСнова Оnyx)

Possible Mitigations

Для WebKitGTK: использование рекомендаций производителя: https://webkitgtk.org/security/WSA-2021-0007.html Для WPE WebKit: использование рекомендаций производителя: https://webkitgtk.org/security/WSA-2021-0007.html Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17 Для ОСОН Основа: Обновление программного обеспечения webkit2gtk до версии 2.34.3-1~deb10u1

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-30887 https://security-tracker.debian.org/tracker/CVE-2021-30887 https://webkitgtk.org/security/WSA-2021-0007.html https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.2/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/

CWE

CWE-942

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), \u0434\u043e 2.34.3 (WebKitGTK), \u0434\u043e 2.34.3 (WPE WebKit), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.4.2 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f WebKitGTK:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://webkitgtk.org/security/WSA-2021-0007.html\n\n\u0414\u043b\u044f WPE WebKit:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://webkitgtk.org/security/WSA-2021-0007.html\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.34.3-1~deb10u1\n\n",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.04.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.09.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05708",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-30887",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), WebKitGTK, WPE WebKit, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.4.2  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WPE WebKit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043c\u0435\u0436\u0434\u043e\u043c\u0435\u043d\u043d\u043e\u0439 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043c\u0435\u0436\u0434\u043e\u043c\u0435\u043d\u043d\u043e\u0439 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 (CWE-942)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WPE WebKit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043c\u0435\u0436\u0434\u043e\u043c\u0435\u043d\u043d\u043e\u0439 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2021-30887\nhttps://security-tracker.debian.org/tracker/CVE-2021-30887\nhttps://webkitgtk.org/security/WSA-2021-0007.html\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.2/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-942",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30887 (GCVE-0-2021-30887)

GSD-2021-30887

FKIE_CVE-2021-30887

CERTFR-2021-AVI-825

Solution

CERTFR-2021-AVI-827

Solution

cve-2021-30887

Vulnerability from osv_almalinux

CVE-2021-30887

Tags

Sightings

Nomenclature