Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-072
Vulnerability from certfr_avis - Published: 2021-02-02 - Updated: 2021-02-02
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 14.0.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1778"
},
{
"name": "CVE-2021-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1789"
},
{
"name": "CVE-2021-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1762"
},
{
"name": "CVE-2021-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1773"
},
{
"name": "CVE-2021-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1761"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2021-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1775"
},
{
"name": "CVE-2020-27937",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27937"
},
{
"name": "CVE-2021-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1738"
},
{
"name": "CVE-2021-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1777"
},
{
"name": "CVE-2021-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1787"
},
{
"name": "CVE-2021-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1766"
},
{
"name": "CVE-2021-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1745"
},
{
"name": "CVE-2021-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1736"
},
{
"name": "CVE-2021-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1764"
},
{
"name": "CVE-2021-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1743"
},
{
"name": "CVE-2021-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1786"
},
{
"name": "CVE-2021-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1788"
},
{
"name": "CVE-2021-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1737"
},
{
"name": "CVE-2021-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1792"
},
{
"name": "CVE-2020-29614",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29614"
},
{
"name": "CVE-2021-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1785"
},
{
"name": "CVE-2021-1818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1818"
},
{
"name": "CVE-2021-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1782"
},
{
"name": "CVE-2021-1793",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1793"
},
{
"name": "CVE-2020-29633",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29633"
},
{
"name": "CVE-2021-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1751"
},
{
"name": "CVE-2021-1797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
},
{
"name": "CVE-2020-29608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29608"
},
{
"name": "CVE-2021-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1791"
},
{
"name": "CVE-2021-1871",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1871"
},
{
"name": "CVE-2021-1801",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1801"
},
{
"name": "CVE-2021-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1783"
},
{
"name": "CVE-2021-1870",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1870"
},
{
"name": "CVE-2020-27938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27938"
},
{
"name": "CVE-2021-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1767"
},
{
"name": "CVE-2021-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1771"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2021-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1802"
},
{
"name": "CVE-2021-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1747"
},
{
"name": "CVE-2021-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1790"
},
{
"name": "CVE-2021-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1765"
},
{
"name": "CVE-2021-1799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1799"
},
{
"name": "CVE-2021-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1746"
},
{
"name": "CVE-2021-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1754"
},
{
"name": "CVE-2021-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1772"
},
{
"name": "CVE-2021-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1776"
},
{
"name": "CVE-2021-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1753"
},
{
"name": "CVE-2021-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1741"
},
{
"name": "CVE-2021-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1750"
},
{
"name": "CVE-2021-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1744"
},
{
"name": "CVE-2021-1742",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1742"
},
{
"name": "CVE-2021-1760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1760"
},
{
"name": "CVE-2020-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
},
{
"name": "CVE-2021-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1757"
},
{
"name": "CVE-2020-25709",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2021-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1768"
},
{
"name": "CVE-2021-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1774"
},
{
"name": "CVE-2021-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1769"
},
{
"name": "CVE-2021-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1759"
},
{
"name": "CVE-2021-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1763"
},
{
"name": "CVE-2021-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1779"
},
{
"name": "CVE-2021-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1758"
},
{
"name": "CVE-2020-27945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27945"
}
],
"initial_release_date": "2021-02-02T00:00:00",
"last_revision_date": "2021-02-02T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212152 du 01 f\u00e9vrier 2021",
"url": "https://support.apple.com/fr-fr/HT212152"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212147 du 01 f\u00e9vrier 2021",
"url": "https://support.apple.com/fr-fr/HT212147"
}
]
}
CVE-2021-1786 (GCVE-0-2021-1786)
Vulnerability from cvelistv5 – Published: 2021-04-02 17:59 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.
Severity
No CVSS data available.
CWE
- A local user may be able to create or modify system files
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to create or modify system files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T17:59:36.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to create or modify system files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1786",
"datePublished": "2021-04-02T17:59:36.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:05.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1787 (GCVE-0-2021-1787)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:00 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.
Severity
No CVSS data available.
CWE
- A local attacker may be able to elevate their privileges
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local attacker may be able to elevate their privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T18:00:29.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local attacker may be able to elevate their privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1787",
"datePublished": "2021-04-02T18:00:29.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:05.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1788 (GCVE-0-2021-1788)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:00 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
No CVSS data available.
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212152 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2021/dsa-4923 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
5 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "DSA-4923",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-30T23:06:10.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "DSA-4923",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
},
{
"name": "https://support.apple.com/en-us/HT212152",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "DSA-4923",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1788",
"datePublished": "2021-04-02T18:00:45.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:05.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1789 (GCVE-0-2021-1789)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:01 – Updated: 2025-10-21 23:25
VLAI
EPSS
Summary
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212152 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202104-03 | vendor-advisoryx_refsource_GENTOO |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
5 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-1789",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:34:43.911837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1789"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:50.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1789"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-04T00:00:00.000Z",
"value": "CVE-2021-1789 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:06:28.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
},
{
"name": "https://support.apple.com/en-us/HT212152",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1789",
"datePublished": "2021-04-02T18:01:18.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:50.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1790 (GCVE-0-2021-1790)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:02 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution.
Severity
No CVSS data available.
CWE
- Processing a maliciously crafted font may lead to arbitrary code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted font may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T18:02:02.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted font may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1790",
"datePublished": "2021-04-02T18:02:02.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:05.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1791 (GCVE-0-2021-1791)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:01 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory.
Severity
No CVSS data available.
CWE
- A malicious application may be able to disclose kernel memory
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:06.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to disclose kernel memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T18:01:35.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to disclose kernel memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1791",
"datePublished": "2021-04-02T18:01:35.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:06.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1792 (GCVE-0-2021-1792)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:01 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
Severity
No CVSS data available.
CWE
- A remote attacker may be able to cause arbitrary code execution
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T18:01:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1792",
"datePublished": "2021-04-02T18:01:01.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:05.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1793 (GCVE-0-2021-1793)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:02 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.
Severity
No CVSS data available.
CWE
- Processing a maliciously crafted image may lead to arbitrary code execution
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted image may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T18:02:50.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted image may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1793",
"datePublished": "2021-04-02T18:02:50.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:05.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1797 (GCVE-0-2021-1797)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:04 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.
Severity
No CVSS data available.
CWE
- A local user may be able to read arbitrary files
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
| https://support.apple.com/kb/HT212326 | x_refsource_CONFIRM |
| https://support.apple.com/kb/HT212327 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2021/Apr/51 | mailing-listx_refsource_FULLDISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:04.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to read arbitrary files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-27T20:06:41.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to read arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
},
{
"name": "https://support.apple.com/kb/HT212326",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212326"
},
{
"name": "https://support.apple.com/kb/HT212327",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1797",
"datePublished": "2021-04-02T18:04:01.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:04.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1799 (GCVE-0-2021-1799)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:04 – Updated: 2024-08-03 16:25
VLAI
EPSS
Summary
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.
Severity
No CVSS data available.
CWE
- A malicious website may be able to access restricted ports on arbitrary servers
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212147 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212146 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212148 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212149 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212152 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202104-03 | vendor-advisoryx_refsource_GENTOO |
Impacted products
5 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:04.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious website may be able to access restricted ports on arbitrary servers",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:06:27.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious website may be able to access restricted ports on arbitrary servers"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212147",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"name": "https://support.apple.com/en-us/HT212146",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"name": "https://support.apple.com/en-us/HT212148",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"name": "https://support.apple.com/en-us/HT212149",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212149"
},
{
"name": "https://support.apple.com/en-us/HT212152",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212152"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "FEDORA-2021-619711d709",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"name": "GLSA-202104-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1799",
"datePublished": "2021-04-02T18:04:32.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:04.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…