VAR-202108-1057
Vulnerability from variot - Updated: 2025-12-22 21:57An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple's iPadOS Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-21
https://security.gentoo.org/
Severity: High Title: Poppler: Arbitrary Code Execution Date: September 29, 2022 Bugs: #867958 ID: 202209-21
Synopsis
A vulnerability has been discovered in Poppler which could allow for arbitrary code execution.
Background
Poppler is a PDF rendering library based on the xpdf-3.0 code base.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/poppler < 22.09.0 >= 22.09.0
Description
Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details.
Workaround
Avoid opening untrusted PDFs.
Resolution
All Poppler users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/poppler-22.09.0"
References
[ 1 ] CVE-2021-30860 https://nvd.nist.gov/vuln/detail/CVE-2021-30860 [ 2 ] CVE-2022-38784 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-21
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Information about the security content is also available at https://support.apple.com/HT212805. CVE-2021-30860: The Citizen Lab
CoreServices Available for: macOS Catalina Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improved access restrictions. CVE-2021-30783: an anonymous researcher, Ron Hass (@ronhass7) of Perception Point Entry added September 20, 2021
CUPS Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021
CUPS Available for: macOS Catalina Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021
CUPS Available for: macOS Catalina Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-30829: an anonymous researcher Entry added September 20, 2021
curl Available for: macOS Catalina Impact: curl could potentially reveal sensitive internal information to the server using a clear-text network protocol Description: A buffer overflow was addressed with improved input validation. CVE-2021-22925 Entry added September 20, 2021
CVMS Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro Entry added September 20, 2021
FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021
ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab Entry added September 20, 2021
Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30830: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30865: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Catalina Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A race condition was addressed with additional validation. CVE-2020-29622: Jordy Zomer of Certified Secure Entry added September 20, 2021
Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-30859: Apple Entry added September 20, 2021
libexpat Available for: macOS Catalina Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021
Preferences Available for: macOS Catalina Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021
Sandbox Available for: macOS Catalina Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021
SMB Available for: macOS Catalina Impact: A remote attacker may be able to leak memory Description: A logic issue was addressed with improved state management. CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021
TCC Available for: macOS Catalina Impact: A malicious application may be able to bypass Privacy preferences Description: A permissions issue was addressed with improved validation. CVE-2021-30713: an anonymous researcher Entry added September 20, 2021
Additional recognition
Bluetooth We would like to acknowledge say2 of ENKI for their assistance. Entry added September 20, 2021
CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021
CUPS We would like to acknowledge an anonymous researcher for their assistance. Entry added September 20, 2021
Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Entry added September 20, 2021
smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhhvSA/+MzMvNJUS7KUDdIBNgVfzpgGLGGy0ewyCCuLaTFGPPtVVMlgXgo0Q1ds4 NQJ47AWXUkOEPotUdaMXYXTTlNRrS/rHuhrUar8tNgXVOuTIFoa0AaGNVFLbklxz KRte/SqDIY7PdWobflBTeeROlFq0/lIys+cyI3TtWezCGaGcdFO0Ckhv76UFUUUi qnB3hjxXVCkbwbetl6EMPQiIYpOzU8KOn95T3E24buRO8CxNdwYbZOkHqYaCAYLX Fm0lPtX4VknTdwjwhMTmNrbrMmc7TPOLEUavTNv0ghslYbywX3Iwj6f2mC5ZArUB klKZwLWPl8cOJmwMADnSpQc5VR+umM0fJdxsHajJu9/eWAuVK35IFJbQcZyP0Urv N+B8V4tk9D+I1NmU+12QIAlmUnnAmnzCBa/qE+FIGCyyBQgSM6WdmwXmWvQPX9/1 q7fVqW6zZv1A7z2Qal82sRkLH1APsoRGUQlw+uttmh6rKoLpNgH4ZJ4Xhqcq/S4k DgL85EvidWgaaTIj9+mI5NmqbY0E8/rkHtjxaOY9wyjpWiw2rSO7SXLTuDIRMBlt hlBR20e5/ZqdKxxAE+U31ZI8PzJhEU4PoCL5xcciXxBOilxhUgVLGDgmZol117Sy +wX/g7wuaorhnCsOIWNBC/up76pBJlCe+nsOoWNPFdgP5qw2pZY= =QJxi -----END PGP SIGNATURE-----
. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.8"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5.5"
},
{
"model": "poppler",
"scope": "lt",
"trust": 1.0,
"vendor": "freedesktop",
"version": "22.09.0"
},
{
"model": "iphone os",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.8"
},
{
"model": "xpdf",
"scope": "lt",
"trust": 1.0,
"vendor": "xpdfreader",
"version": "4.04"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "xpdf",
"scope": null,
"trust": 0.8,
"vendor": "glyph cog",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "poppler",
"scope": null,
"trust": 0.8,
"vendor": "freedesktop",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "7.6.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
}
],
"trust": 0.6
},
"cve": "CVE-2021-30860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30860",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390593",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30860",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30860",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30860",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-30860",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30860",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390593",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30860",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple\u0027s iPadOS Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-21\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Poppler: Arbitrary Code Execution\n Date: September 29, 2022\n Bugs: #867958\n ID: 202209-21\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nA vulnerability has been discovered in Poppler which could allow for\narbitrary code execution. \n\nBackground\n=========\nPoppler is a PDF rendering library based on the xpdf-3.0 code base. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/poppler \u003c 22.09.0 \u003e= 22.09.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Poppler. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n=========\nAvoid opening untrusted PDFs. \n\nResolution\n=========\nAll Poppler users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/poppler-22.09.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30860\n https://nvd.nist.gov/vuln/detail/CVE-2021-30860\n[ 2 ] CVE-2022-38784\n https://nvd.nist.gov/vuln/detail/CVE-2022-38784\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-21\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212805. \nCVE-2021-30860: The Citizen Lab\n\nCoreServices\nAvailable for: macOS Catalina\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30783: an anonymous researcher, Ron Hass (@ronhass7) of\nPerception Point\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Catalina\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Catalina\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-30829: an anonymous researcher\nEntry added September 20, 2021\n\ncurl\nAvailable for: macOS Catalina\nImpact: curl could potentially reveal sensitive internal information\nto the server using a clear-text network protocol\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro\nEntry added September 20, 2021\n\nFontParser\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30835: Ye Zhang of Baidu Security\nCVE-2021-30847: Mike Zhang of Pangu Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30830: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30865: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2020-29622: Jordy Zomer of Certified Secure\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: macOS Catalina\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nSandbox\nAvailable for: macOS Catalina\nImpact: A user may gain access to protected parts of the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to leak memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nTCC\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2021-30713: an anonymous researcher\nEntry added September 20, 2021\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge say2 of ENKI for their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \nEntry added September 20, 2021\n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhhvSA/+MzMvNJUS7KUDdIBNgVfzpgGLGGy0ewyCCuLaTFGPPtVVMlgXgo0Q1ds4\nNQJ47AWXUkOEPotUdaMXYXTTlNRrS/rHuhrUar8tNgXVOuTIFoa0AaGNVFLbklxz\nKRte/SqDIY7PdWobflBTeeROlFq0/lIys+cyI3TtWezCGaGcdFO0Ckhv76UFUUUi\nqnB3hjxXVCkbwbetl6EMPQiIYpOzU8KOn95T3E24buRO8CxNdwYbZOkHqYaCAYLX\nFm0lPtX4VknTdwjwhMTmNrbrMmc7TPOLEUavTNv0ghslYbywX3Iwj6f2mC5ZArUB\nklKZwLWPl8cOJmwMADnSpQc5VR+umM0fJdxsHajJu9/eWAuVK35IFJbQcZyP0Urv\nN+B8V4tk9D+I1NmU+12QIAlmUnnAmnzCBa/qE+FIGCyyBQgSM6WdmwXmWvQPX9/1\nq7fVqW6zZv1A7z2Qal82sRkLH1APsoRGUQlw+uttmh6rKoLpNgH4ZJ4Xhqcq/S4k\nDgL85EvidWgaaTIj9+mI5NmqbY0E8/rkHtjxaOY9wyjpWiw2rSO7SXLTuDIRMBlt\nhlBR20e5/ZqdKxxAE+U31ZI8PzJhEU4PoCL5xcciXxBOilxhUgVLGDgmZol117Sy\n+wX/g7wuaorhnCsOIWNBC/up76pBJlCe+nsOoWNPFdgP5qw2pZY=\n=QJxi\n-----END PGP SIGNATURE-----\n\n\n\n. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30860"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "PACKETSTORM",
"id": "168573"
},
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30860",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/09/02/11",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "168573",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164249",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164197",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164277",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3102",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3099.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3212",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091321",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092317",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2136",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-390593",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30860",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164194",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164242",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "PACKETSTORM",
"id": "168573"
},
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"id": "VAR-202108-1057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T21:57:04.449000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212807 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.freedesktop.org/wiki/"
},
{
"title": "Apple macOS Big Sur Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=162839"
},
{
"title": "Table of Contents\nTools\nEducational\nSimilar Lists\nContributing",
"trust": 0.1,
"url": "https://github.com/ex0dus-0x/awesome-rust-security "
},
{
"title": "CVE-2021-30860",
"trust": 0.1,
"url": "https://github.com/Levilutz/CVE-2021-30860 "
},
{
"title": "Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB \u0026 CVE-2021-30860 exploit(s)",
"trust": 0.1,
"url": "https://github.com/30440r/gex "
},
{
"title": "ELEGANTBOUNCER",
"trust": 0.1,
"url": "https://github.com/msuiche/elegant-bouncer "
},
{
"title": "https://github.com/octane23/CASE-STUDY-1",
"trust": 0.1,
"url": "https://github.com/octane23/CASE-STUDY-1 "
},
{
"title": "https://github.com/houjingyi233/macOS-iOS-system-security",
"trust": 0.1,
"url": "https://github.com/houjingyi233/macOS-iOS-system-security "
},
{
"title": "https://github.com/houjingyi233/macos-ios-exploit-writeup",
"trust": 0.1,
"url": "https://github.com/houjingyi233/macos-ios-exploit-writeup "
},
{
"title": "CVE-T4PDF\nTable of contents\nList of CVEs\nList of Techniques",
"trust": 0.1,
"url": "https://github.com/0xCyberY/CVE-T4PDF "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/12/17/cyber_spying_firms_facebook_meta/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/09/13/apple_ios_macos_security_fixes/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/04/20/google_zero_days/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/02/11/apple_emergency_webkit/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://security.gentoo.org/glsa/202209-21"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/25"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/26"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/27"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/28"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/38"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/39"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/40"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/50"
},
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212805"
},
{
"trust": 1.9,
"url": "https://support.apple.com/en-us/ht212807"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212824"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212804"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212806"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-30860"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.6,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092317"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168573/gentoo-linux-security-advisory-202209-21.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164249/apple-security-advisory-2021-09-20-8.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-two-vulnerabilities-36384"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3102"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164277/apple-security-advisory-2021-09-23-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3212"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3099.2"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164197/apple-security-advisory-2021-09-13-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212824"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091321"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht212805."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht212807."
},
{
"trust": 0.2,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://github.com/ex0dus-0x/awesome-rust-security"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38784"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212804."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30869"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212824."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "PACKETSTORM",
"id": "168573"
},
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390593"
},
{
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"db": "PACKETSTORM",
"id": "168573"
},
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390593"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"date": "2022-09-30T14:56:06",
"db": "PACKETSTORM",
"id": "168573"
},
{
"date": "2021-09-22T16:35:10",
"db": "PACKETSTORM",
"id": "164249"
},
{
"date": "2021-09-19T18:11:11",
"db": "PACKETSTORM",
"id": "164197"
},
{
"date": "2021-09-19T14:22:22",
"db": "PACKETSTORM",
"id": "164196"
},
{
"date": "2021-09-18T13:22:22",
"db": "PACKETSTORM",
"id": "164194"
},
{
"date": "2021-09-24T15:40:03",
"db": "PACKETSTORM",
"id": "164277"
},
{
"date": "2021-09-22T16:30:10",
"db": "PACKETSTORM",
"id": "164242"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2136"
},
{
"date": "2024-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"date": "2021-08-24T19:15:14.370000",
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-390593"
},
{
"date": "2024-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30860"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2136"
},
{
"date": "2024-07-19T07:32:00",
"db": "JVNDB",
"id": "JVNDB-2021-021228"
},
{
"date": "2025-10-27T17:38:22.367000",
"db": "NVD",
"id": "CVE-2021-30860"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0iPadOS\u00a0 Integer overflow vulnerability in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "164249"
},
{
"db": "PACKETSTORM",
"id": "164197"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164242"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.