Details of VAR-202108-2123

ID

VAR-202108-2123

CVE

CVE-2021-30851

TITLE

apple's Safari Out-of-bounds write vulnerability in products from multiple vendors such as

Trust: 0.8

sources: JVNDB: JVNDB-2021-021226

DESCRIPTION

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. apple's Safari Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security issue has been found in WebKitGTK and WPE WebKit prior to 2.34.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15 iOS 15 and iPadOS 15 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212814. Accessory Manager Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2021-30837: Siddharth Aeri (@b1n4r1b01) AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to read sensitive information Description: This issue was addressed with improved checks. CVE-2021-30811: an anonymous researcher working with Compartir Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30838: proteas wang CoreML Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day Initiative Face ID Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation) Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID Description: This issue was addressed by improving Face ID anti- spoofing models. CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year Security Lab FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab libexpat Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30819: Apple Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Siri Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to view contacts from the lock screen Description: A lock screen issue allowed access to contacts on a locked device. CVE-2021-30815: an anonymous researcher Telephony Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad Air 2, iPad (5th generation), and iPad mini 4 Impact: In certain situations, the baseband would fail to enable integrity and ciphering protection Description: A logic issue was addressed with improved state management. CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST SysSec Lab WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30846: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30848: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30849: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30851: Samuel Groß of Google Project Zero Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher Additional recognition Assets We would like to acknowledge Cees Elzinga for their assistance. Bluetooth We would like to acknowledge an anonymous researcher for their assistance. File System We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their assistance. Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge an anonymous researcher for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "15.0" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI88sACgkQeC9qKD1p rhjVNxAAx5mEiw7NE47t6rO8Y93xPrNSk+7xcqPeBHUCg+rLmqxtOhITRVUw0QLH sBIwSVK1RxxRjasBfgwbh1jyMYg6EzfKNQOeZGnjLA4WRmIj728aGehJ56Z/ggpJ awJNPvfzyoSdFgdwntj2FDih/d4oJmMwIyhNvqGrSwuybq9sznxJsTbpRbKWFhiz y/phwVywo0A//XBiup3hrscl5SmxO44WBDlL+MAv4FnRPk7IGbBCfO8HnhO/9j1n uSNoKtnJt2f6/06E0wMLStBSESKPSmKSz65AtR6h1oNytEuJtyHME8zOtz/Z9hlJ fo5f6tN6uCgYgYs7dyonWk5qiL7cue3ow58dPjZuNmqxFeu5bCc/1G47LDcdwoAg o0aU22MEs4wKdBWrtFI40BQ5LEmFrh3NM82GwFYDBz92x7B9SpXMau6F82pCvvyG wNbRL5PzHUMa1/LfVcoOyWk0gZBeD8/GFzNmwBeZmBMlpoPRo5bkyjUn8/ABG+Ie 665EHgGYs5BIV20Gviax0g4bjGHqEndfxdjyDHzJ87d65iA5uYdOiw61WpHq9kwH hK4e6BF0CahTrpz6UGVuOA/VMMDv3ZqhW+a95KBzDa7dHVnokpV+WiMJcmoEJ5gI 5ovpqig9qjf7zMv3+3Mlij0anQ24w7+MjEBk7WDG+2al83GCMAE= =nkJd -----END PGP SIGNATURE----- . CVE-2021-30811: an anonymous researcher working with Compartir bootp Available for: Apple Watch Series 3 and later Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021 WebKit Available for: Apple Watch Series 3 and later Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: The issue was resolved with additional restrictions on CSS compositing. CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research Entry added October 25, 2021 WebKit Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to bypass HSTS Description: A logic issue was addressed with improved restrictions. Alternatively, on your watch, select "My Watch > General > About". CVE-2021-30851: Samuel Groß of Google Project Zero Installation note: This update may be obtained from the Mac App Store

Trust: 2.43

sources: NVD: CVE-2021-30851 // JVNDB: JVNDB-2021-021226 // VULHUB: VHN-390584 // VULMON: CVE-2021-30851 // PACKETSTORM: 164233 // PACKETSTORM: 164693 // PACKETSTORM: 164692 // PACKETSTORM: 164688 // PACKETSTORM: 164241 // PACKETSTORM: 164236 // PACKETSTORM: 164234

AFFECTED PRODUCTS

vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	15.0	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	8.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	eq	version:	12.0.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.0.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	8.0	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	safari	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-021226 // NVD: CVE-2021-30851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30851
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-30851
value:	HIGH
Trust: 0.8
VULHUB:	VHN-390584
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-30851
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30851
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-390584
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30851
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30851
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390584 // VULMON: CVE-2021-30851 // JVNDB: JVNDB-2021-021226 // NVD: CVE-2021-30851

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390584 // JVNDB: JVNDB-2021-021226 // NVD: CVE-2021-30851

TYPE

code execution

Trust: 0.6

sources: PACKETSTORM: 164693 // PACKETSTORM: 164692 // PACKETSTORM: 164688 // PACKETSTORM: 164241 // PACKETSTORM: 164236 // PACKETSTORM: 164234

PATCH

title:	HT212819 Apple Security update	url:	https://www.debian.org/security/2021/dsa-4995	Trust: 0.8
title:	Red Hat: CVE-2021-30851	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-30851	Trust: 0.1
title:	Debian Security Advisories: DSA-4996-1 wpewebkit -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=f71426611b6d65dd2fc20f96e1b5aa21	Trust: 0.1
title:	Debian Security Advisories: DSA-4995-1 webkit2gtk -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=54e170d5f64268e52cbdddfae4a29a4d	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-30851 log	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202110-9] webkit2gtk: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202110-9	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202110-10] wpewebkit: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202110-10	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-015	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-015	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2023-2088	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2088	Trust: 0.1
title:	-	url:	https://github.com/RUB-SysSec/JIT-Picker	Trust: 0.1

sources: VULMON: CVE-2021-30851 // JVNDB: JVNDB-2021-021226

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30851	Trust: 3.5
db:	OPENWALL	id:	OSS-SECURITY/2021/10/31/1	Trust: 2.0
db:	JVNDB	id:	JVNDB-2021-021226	Trust: 0.8
db:	PACKETSTORM	id:	164688	Trust: 0.2
db:	PACKETSTORM	id:	164693	Trust: 0.2
db:	PACKETSTORM	id:	164692	Trust: 0.2
db:	PACKETSTORM	id:	167037	Trust: 0.1
db:	VULHUB	id:	VHN-390584	Trust: 0.1
db:	VULMON	id:	CVE-2021-30851	Trust: 0.1
db:	PACKETSTORM	id:	164233	Trust: 0.1
db:	PACKETSTORM	id:	164241	Trust: 0.1
db:	PACKETSTORM	id:	164236	Trust: 0.1
db:	PACKETSTORM	id:	164234	Trust: 0.1

sources: VULHUB: VHN-390584 // VULMON: CVE-2021-30851 // JVNDB: JVNDB-2021-021226 // PACKETSTORM: 164233 // PACKETSTORM: 164693 // PACKETSTORM: 164692 // PACKETSTORM: 164688 // PACKETSTORM: 164241 // PACKETSTORM: 164236 // PACKETSTORM: 164234 // NVD: CVE-2021-30851

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2021/10/31/1	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30851	Trust: 1.5
url:	https://support.apple.com/kb/ht212869	Trust: 1.2
url:	https://www.debian.org/security/2021/dsa-4995	Trust: 1.2
url:	https://www.debian.org/security/2021/dsa-4996	Trust: 1.2
url:	https://support.apple.com/en-us/ht212814	Trust: 1.2
url:	https://support.apple.com/en-us/ht212815	Trust: 1.2
url:	https://support.apple.com/en-us/ht212816	Trust: 1.2
url:	https://support.apple.com/en-us/ht212819	Trust: 1.2
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h6mgxcx7p5ahwoq6irt477ukt7is4dad/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/on5sdvvpvpcagfpw2ghyatzvzylpw2l4/	Trust: 1.0
url:	https://www.apple.com/support/security/pgp/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30849	Trust: 0.7
url:	https://support.apple.com/kb/ht201222	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30846	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30841	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30835	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30810	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30857	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30843	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30847	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30842	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0340	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30837	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30854	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30848	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30855	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30811	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30818	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30809	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30823	Trust: 0.3
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/on5sdvvpvpcagfpw2ghyatzvzylpw2l4/	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h6mgxcx7p5ahwoq6irt477ukt7is4dad/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30852	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30808	Trust: 0.2
url:	https://support.apple.com/ht212815.	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30834	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30831	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30850	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30866	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30814	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30840	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30836	Trust: 0.2
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://support.apple.com/ht212819.	Trust: 0.2
url:	https://support.apple.com/ht212816.	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30851	Trust: 0.1
url:	https://security.archlinux.org/cve-2021-30851	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30815	Trust: 0.1
url:	https://support.apple.com/ht212814.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30863	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30838	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30825	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30819	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30884	Trust: 0.1

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 164233 // PACKETSTORM: 164693 // PACKETSTORM: 164692 // PACKETSTORM: 164688 // PACKETSTORM: 164241 // PACKETSTORM: 164236 // PACKETSTORM: 164234

SOURCES

db:	VULHUB	id:	VHN-390584
db:	VULMON	id:	CVE-2021-30851
db:	JVNDB	id:	JVNDB-2021-021226
db:	PACKETSTORM	id:	164233
db:	PACKETSTORM	id:	164693
db:	PACKETSTORM	id:	164692
db:	PACKETSTORM	id:	164688
db:	PACKETSTORM	id:	164241
db:	PACKETSTORM	id:	164236
db:	PACKETSTORM	id:	164234
db:	NVD	id:	CVE-2021-30851

LAST UPDATE DATE

2024-12-25T22:41:44.556000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390584	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2021-30851	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-021226	date:	2024-07-19T07:14:00
db:	NVD	id:	CVE-2021-30851	date:	2023-11-07T03:33:31.553

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390584	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30851	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021226	date:	2024-07-19T00:00:00
db:	PACKETSTORM	id:	164233	date:	2021-09-22T16:22:10
db:	PACKETSTORM	id:	164693	date:	2021-10-28T14:58:57
db:	PACKETSTORM	id:	164692	date:	2021-10-28T14:58:43
db:	PACKETSTORM	id:	164688	date:	2021-10-28T14:55:07
db:	PACKETSTORM	id:	164241	date:	2021-09-22T16:29:53
db:	PACKETSTORM	id:	164236	date:	2021-09-22T16:24:22
db:	PACKETSTORM	id:	164234	date:	2021-09-22T16:22:32
db:	NVD	id:	CVE-2021-30851	date:	2021-08-24T19:15:13.373