ID

VAR-202108-1268


CVE

CVE-2021-30953


TITLE

Apple iOS and iPadOS Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202108-2053

DESCRIPTION

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-22592) A use after free issue was addressed with improved memory management. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. A user may be unable to fully delete browsing history. (CVE-2020-29623) This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1765) A use after free issue was addressed with improved memory management. (CVE-2021-1788) A type confusion issue was addressed with improved state handling. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799) This issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1801) A memory corruption issue was addressed with improved state management. (CVE-2021-1817) A memory initialization issue was addressed with improved memory handling. (CVE-2021-1820) An input validation issue was addressed with improved input validation. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30663) A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665) A buffer overflow issue was addressed with improved memory handling. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734) Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (CVE-2021-30744) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30749) A type confusion issue was addressed with improved state handling. (CVE-2021-30758) A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762) A use after free issue was addressed with improved memory management. (CVE-2021-30797) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836) A memory corruption issue was addressed with improved memory handling. (CVE-2021-30846) A memory corruption issue was addressed with improved memory handling. (CVE-2021-30848) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30890) A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934) A use after free issue was addressed with improved memory management. (CVE-2021-30936) A use after free issue was addressed with improved memory management. (CVE-2021-30953) A type confusion issue was addressed with improved memory handling. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483) A use after free issue was addressed with improved memory management. (CVE-2022-22592) A cookie management issue was addressed with improved state management. (CVE-2022-22662) A logic issue in the handling of concurrent media was addressed with improved state handling. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677) A memory corruption issue was addressed with improved state management. (CVE-2022-26700) A use after free issue was addressed with improved memory management. (CVE-2022-26709) A use after free issue was addressed with improved memory management. (CVE-2022-26710) A memory corruption issue was addressed with improved state management. (CVE-2022-26716) A use after free issue was addressed with improved memory management. (CVE-2022-26717) A memory corruption issue was addressed with improved state management. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. (CVE-2022-32793) The issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32923) The issue was addressed with improved UI handling. Visiting a malicious website may lead to user interface spoofing. (CVE-2022-42852) A type confusion issue was addressed with improved state handling. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856) A memory corruption issue was addressed with improved state management. (CVE-2022-42863) A use after free issue was addressed with improved memory management. (CVE-2022-42867) A memory consumption issue was addressed with improved memory handling. (CVE-2022-46698) A memory corruption issue was addressed with improved state management. (CVE-2022-46699) A memory corruption issue was addressed with improved input validation. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. (CVE-2023-28204) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 ===================================================================== 1. Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: webkit2gtk3-2.34.6-1.el8.src.rpm aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1. We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-12-15-6 watchOS 8.3 watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t) Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab Additional recognition Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance. ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance. Contacts We would like to acknowledge Minchan Park (03stin) for their assistance. Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance. WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4 Description ========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========= There is no known workaround at this time. Resolution ========= All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4" References ========= [ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202202-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 1.71

sources: NVD: CVE-2021-30953 // VULHUB: VHN-390686 // VULMON: CVE-2021-30953 // PACKETSTORM: 167037 // PACKETSTORM: 169186 // PACKETSTORM: 165358 // PACKETSTORM: 165359 // PACKETSTORM: 165360 // PACKETSTORM: 169195 // PACKETSTORM: 165794

AFFECTED PRODUCTS

vendor:applemodel:macosscope:lteversion:12.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.2

Trust: 1.0

vendor:applemodel:safariscope:ltversion:15.2

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:15.2

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:8.3

Trust: 1.0

sources: NVD: CVE-2021-30953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30953
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202108-2053
value: HIGH

Trust: 0.6

VULHUB: VHN-390686
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-30953
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30953
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-390686
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30953
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-390686 // VULMON: CVE-2021-30953 // CNNVD: CNNVD-202108-2053 // NVD: CVE-2021-30953

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-390686 // NVD: CVE-2021-30953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-2053

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202108-2053

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-390686

PATCH

title:Apple iOS and iPadOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174540

Trust: 0.6

title:Red Hat: CVE-2021-30953url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-30953

Trust: 0.1

title:Debian Security Advisories: DSA-5060-1 webkit2gtk -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=743b4956bba0b69beefec691bcb80a4f

Trust: 0.1

title:Debian Security Advisories: DSA-5061-1 wpewebkit -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=de655d6c12336519b9a7054c0eb4670d

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-2088url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2088

Trust: 0.1

sources: VULMON: CVE-2021-30953 // CNNVD: CNNVD-202108-2053

EXTERNAL IDS

db:NVDid:CVE-2021-30953

Trust: 2.5

db:OPENWALLid:OSS-SECURITY/2022/01/21/2

Trust: 1.8

db:PACKETSTORMid:167037

Trust: 0.8

db:PACKETSTORMid:165360

Trust: 0.8

db:PACKETSTORMid:165765

Trust: 0.7

db:CS-HELPid:SB2022012631

Trust: 0.6

db:CS-HELPid:SB2021121510

Trust: 0.6

db:CS-HELPid:SB2021121434

Trust: 0.6

db:CS-HELPid:SB2022051140

Trust: 0.6

db:CS-HELPid:SB2022012301

Trust: 0.6

db:AUSCERTid:ESB-2022.0371

Trust: 0.6

db:AUSCERTid:ESB-2022.0899

Trust: 0.6

db:AUSCERTid:ESB-2021.4260

Trust: 0.6

db:AUSCERTid:ESB-2022.0405

Trust: 0.6

db:CNNVDid:CNNVD-202108-2053

Trust: 0.6

db:PACKETSTORMid:165359

Trust: 0.2

db:PACKETSTORMid:165358

Trust: 0.2

db:VULHUBid:VHN-390686

Trust: 0.1

db:VULMONid:CVE-2021-30953

Trust: 0.1

db:PACKETSTORMid:169186

Trust: 0.1

db:PACKETSTORMid:169195

Trust: 0.1

db:PACKETSTORMid:165794

Trust: 0.1

sources: VULHUB: VHN-390686 // VULMON: CVE-2021-30953 // PACKETSTORM: 167037 // PACKETSTORM: 169186 // PACKETSTORM: 165358 // PACKETSTORM: 165359 // PACKETSTORM: 165360 // PACKETSTORM: 169195 // PACKETSTORM: 165794 // CNNVD: CNNVD-202108-2053 // NVD: CVE-2021-30953

REFERENCES

url:https://support.apple.com/en-us/ht212976

Trust: 2.4

url:https://support.apple.com/en-us/ht212982

Trust: 2.4

url:https://www.debian.org/security/2022/dsa-5060

Trust: 1.9

url:https://www.debian.org/security/2022/dsa-5061

Trust: 1.8

url:https://support.apple.com/en-us/ht212975

Trust: 1.8

url:https://support.apple.com/en-us/ht212978

Trust: 1.8

url:https://support.apple.com/en-us/ht212980

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2022/01/21/2

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2021-30953

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-30952

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30984

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30953

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30936

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30954

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30934

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30951

Trust: 0.7

url:https://packetstormsecurity.com/files/165765/ubuntu-security-notice-usn-5255-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0371

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064

Trust: 0.6

url:https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121510

Trust: 0.6

url:https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051140

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4260

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0405

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121434

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0899

Trust: 0.6

url:https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012301

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012631

Trust: 0.6

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30888

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30848

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30884

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-45482

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30809

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30846

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30849

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30897

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30836

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30887

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30889

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30818

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30851

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30890

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30966

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30926

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30957

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30958

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30960

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30927

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30945

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30939

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30955

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30937

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30968

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30980

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30949

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30947

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30942

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/al2/alas-2023-2088.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22592

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22637

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30809

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30846

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22589

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30890

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30888

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22620

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30887

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30952

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22590

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30936

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30851

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30848

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45483

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30849

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30836

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45481

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30818

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30951

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22589

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30984

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30954

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22590

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30884

Trust: 0.1

url:https://security-tracker.debian.org/tracker/webkit2gtk

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30993

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30995

Trust: 0.1

url:https://support.apple.com/ht212980.

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://support.apple.com/ht212975.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30964

Trust: 0.1

url:https://support.apple.com/ht212982.

Trust: 0.1

url:https://security-tracker.debian.org/tracker/wpewebkit

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1844

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30744

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1820

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30762

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2021-0005.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30858

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30682

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21779

Trust: 0.1

url:https://security.gentoo.org/glsa/202202-01

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1871

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30665

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30795

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1825

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30661

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1826

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30749

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30689

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2021-0004.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1788

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2021-0006.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21806

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULHUB: VHN-390686 // VULMON: CVE-2021-30953 // PACKETSTORM: 167037 // PACKETSTORM: 169186 // PACKETSTORM: 165358 // PACKETSTORM: 165359 // PACKETSTORM: 165360 // PACKETSTORM: 169195 // PACKETSTORM: 165794 // CNNVD: CNNVD-202108-2053 // NVD: CVE-2021-30953

CREDITS

Apple

Trust: 0.3

sources: PACKETSTORM: 165358 // PACKETSTORM: 165359 // PACKETSTORM: 165360

SOURCES

db:VULHUBid:VHN-390686
db:VULMONid:CVE-2021-30953
db:PACKETSTORMid:167037
db:PACKETSTORMid:169186
db:PACKETSTORMid:165358
db:PACKETSTORMid:165359
db:PACKETSTORMid:165360
db:PACKETSTORMid:169195
db:PACKETSTORMid:165794
db:CNNVDid:CNNVD-202108-2053
db:NVDid:CVE-2021-30953

LAST UPDATE DATE

2024-12-20T21:09:43.219000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390686date:2022-02-25T00:00:00
db:VULMONid:CVE-2021-30953date:2022-02-25T00:00:00
db:CNNVDid:CNNVD-202108-2053date:2022-05-12T00:00:00
db:NVDid:CVE-2021-30953date:2023-11-07T03:34:01.670

SOURCES RELEASE DATE

db:VULHUBid:VHN-390686date:2021-08-24T00:00:00
db:VULMONid:CVE-2021-30953date:2021-08-24T00:00:00
db:PACKETSTORMid:167037date:2022-05-11T15:50:41
db:PACKETSTORMid:169186date:2022-01-28T20:12:00
db:PACKETSTORMid:165358date:2021-12-17T19:19:55
db:PACKETSTORMid:165359date:2021-12-17T19:20:06
db:PACKETSTORMid:165360date:2021-12-17T19:23:27
db:PACKETSTORMid:169195date:2022-01-28T20:12:00
db:PACKETSTORMid:165794date:2022-02-01T17:03:05
db:CNNVDid:CNNVD-202108-2053date:2021-08-24T00:00:00
db:NVDid:CVE-2021-30953date:2021-08-24T19:15:21.817