var-202109-0372
Vulnerability from variot
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service. plural Apple The product contains a race condition vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 2. Information about the security content is also available at https://support.apple.com/HT212530.
AMD Available for: macOS Catalina Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A logic issue was addressed with improved state management. CVE-2021-30676: shrek_wzw
AMD Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30678: Yu Wang of Didi Research America
AppleScript Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30669: Yair Hoffmann
Audio Available for: macOS Catalina Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. CVE-2021-30681: Zhongcheng Li (CK01)
CVMS Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock Available for: macOS Catalina Impact: A malicious application may be able to access a user's call history Description: An access issue was addressed with improved access restrictions. CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers Available for: macOS Catalina Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Heimdal Available for: macOS Catalina Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
Heimdal Available for: macOS Catalina Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal Available for: macOS Catalina Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal Available for: macOS Catalina Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A use after free issue was addressed with improved memory management. CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security
ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30743: CFF of Topsec Alpha Team, an anonymous researcher, and Jeonghoon Shin(@singi21a) of THEORI working with Trend Micro Zero Day Initiative
ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher
Kernel Available for: macOS Catalina Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Login Window Available for: macOS Catalina Impact: A person with physical access to a Mac may be able to bypass Login Window Description: A logic issue was addressed with improved state management. CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management. CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic. CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel Available for: macOS Catalina Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2020-36226 CVE-2020-36229 CVE-2020-36225 CVE-2020-36224 CVE-2020-36223 CVE-2020-36227 CVE-2020-36228 CVE-2020-36221 CVE-2020-36222 CVE-2020-36230
smbx Available for: macOS Catalina Impact: An attacker in a privileged network position may be able to perform denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx Available for: macOS Catalina Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved state management. CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
smbx Available for: macOS Catalina Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A path handling issue was addressed with improved validation. CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx Available for: macOS Catalina Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information disclosure issue was addressed with improved state management. CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
TCC Available for: macOS Catalina Impact: A malicious application may be able to send unauthorized Apple events to Finder Description: A validation issue was addressed with improved logic. CVE-2021-30671: Ryan Bell (@iRyanBell)
Additional recognition
App Store We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance.
CFString We would like to acknowledge an anonymous researcher for their assistance.
CoreCapture We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant- financial TianQiong Security Lab for their assistance.
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9EACgkQZcsbuWJ6 jjD30A//Y8naJNtsWjb81/k7PogzAk9k+9JXaW42pICvHllxSybcOt+hH8p59vsc UaNjdJOLjkkG0R4yRR0yU9vDlMu+cXmexmhMb8+dQ49PDjOXu4yqFXOUhezohGCP THgTqgTX5iItY57uF/AQfPpZK1zC39xBPfWbtRVNkzGkHX/OEoI1VheK1gXaZcDv q35GpiB3N28M+5U0sn4rqhNyQobNltCtAx/EEbDmfT+m7EwSuDYiCuH/bEQM0tzB dpLAp0w9Tjrz4R/FwyYpZolEUKyNEwHCHRLCg4djWz/cZJvQB4zjXQ6rjkJ0tUPT Hsb+c7JH/DNFZHD33V1xVEvsZCZNEyozZiRCwe0/yNrS8I5fPUUC7mCBMAIoOnrJ EqfOOq57M5w0s5IFFBwHWDUuVxW4ZjGjUlqNCcWVnET7iwgen0edfw3b8ErVKyFs OQkQmoyqaWzNHhcdZ3M7outWMFyVptIK013akfyH1kWjp8SElXq7+bF3eprE/FSI bqhqLtEFfmolRnHU0XP/wD5BxU1hAjVnnclBE7/R0gda2MlJ1XSHX0gRtrOsmw8K L8uGTk+xzYL6YXUrH3UBkrytxEpfGrIjvctIc1OOFlN6883nSceWHFCF6v/1UiMJ ioqUKtHryoL4nRpeepEHQU4VknDa6MFnieEOOpsNdforVJKwdkA\xf61C -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.0"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.4"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.5"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.5"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"db": "NVD",
"id": "CVE-2021-1884"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "162820"
},
{
"db": "PACKETSTORM",
"id": "162821"
}
],
"trust": 0.2
},
"cve": "CVE-2021-1884",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-1884",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-376544",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-1884",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-1884",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1884",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-1884",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-1950",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-376544",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376544"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1950"
},
{
"db": "NVD",
"id": "CVE-2021-1884"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service. plural Apple The product contains a race condition vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 2. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212530. \n\nAMD\nAvailable for: macOS Catalina\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30676: shrek_wzw\n\nAMD\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30678: Yu Wang of Didi Research America\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30669: Yair Hoffmann\n\nAudio\nAvailable for: macOS Catalina\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro\n\nCore Services\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30681: Zhongcheng Li (CK01)\n\nCVMS\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro\n\nDock\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to access a user\u0027s call\nhistory\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30673: Josh Parnham (@joshparnham)\n\nGraphics Drivers\nAvailable for: macOS Catalina\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30684: Liu Long of Ant Security Light-Year Lab\n\nHeimdal\nAvailable for: macOS Catalina\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1884: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Catalina\nImpact: Processing maliciously crafted server messages may lead to\nheap corruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1883: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Catalina\nImpact: A local user may be able to leak sensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30697: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Catalina\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30683: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of\nBaidu Security\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-30743: CFF of Topsec Alpha Team, an anonymous researcher,\nand Jeonghoon Shin(@singi21a) of THEORI working with Trend Micro Zero\nDay Initiative\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted ASTC file may disclose\nmemory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30705: Ye Zhang of Baidu Security\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30728: Liu Long of Ant Security Light-Year Lab\n\nKernel\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30704: an anonymous researcher\n\nKernel\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30715: The UK\u0027s National Cyber Security Centre (NCSC)\n\nLogin Window\nAvailable for: macOS Catalina\nImpact: A person with physical access to a Mac may be able to bypass\nLogin Window\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30702: Jewel Lambert of Original Spin, LLC. \n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30693: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30695: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30708: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro\n\nNSOpenPanel\nAvailable for: macOS Catalina\nImpact: An application may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2020-36226\nCVE-2020-36229\nCVE-2020-36225\nCVE-2020-36224\nCVE-2020-36223\nCVE-2020-36227\nCVE-2020-36228\nCVE-2020-36221\nCVE-2020-36222\nCVE-2020-36230\n\nsmbx\nAvailable for: macOS Catalina\nImpact: An attacker in a privileged network position may be able to\nperform denial of service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30716: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Catalina\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30717: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30712: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Catalina\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2021-30721: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Catalina\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2021-30722: Aleksandar Nikolic of Cisco Talos\n\nTCC\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to send unauthorized\nApple events to Finder\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30671: Ryan Bell (@iRyanBell)\n\nAdditional recognition\n\nApp Store\nWe would like to acknowledge Thijs Alkemade of Computest Research\nDivision for their assistance. \n\nCFString\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nCoreCapture\nWe would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-\nfinancial TianQiong Security Lab for their assistance. \n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9EACgkQZcsbuWJ6\njjD30A//Y8naJNtsWjb81/k7PogzAk9k+9JXaW42pICvHllxSybcOt+hH8p59vsc\nUaNjdJOLjkkG0R4yRR0yU9vDlMu+cXmexmhMb8+dQ49PDjOXu4yqFXOUhezohGCP\nTHgTqgTX5iItY57uF/AQfPpZK1zC39xBPfWbtRVNkzGkHX/OEoI1VheK1gXaZcDv\nq35GpiB3N28M+5U0sn4rqhNyQobNltCtAx/EEbDmfT+m7EwSuDYiCuH/bEQM0tzB\ndpLAp0w9Tjrz4R/FwyYpZolEUKyNEwHCHRLCg4djWz/cZJvQB4zjXQ6rjkJ0tUPT\nHsb+c7JH/DNFZHD33V1xVEvsZCZNEyozZiRCwe0/yNrS8I5fPUUC7mCBMAIoOnrJ\nEqfOOq57M5w0s5IFFBwHWDUuVxW4ZjGjUlqNCcWVnET7iwgen0edfw3b8ErVKyFs\nOQkQmoyqaWzNHhcdZ3M7outWMFyVptIK013akfyH1kWjp8SElXq7+bF3eprE/FSI\nbqhqLtEFfmolRnHU0XP/wD5BxU1hAjVnnclBE7/R0gda2MlJ1XSHX0gRtrOsmw8K\nL8uGTk+xzYL6YXUrH3UBkrytxEpfGrIjvctIc1OOFlN6883nSceWHFCF6v/1UiMJ\nioqUKtHryoL4nRpeepEHQU4VknDa6MFnieEOOpsNdforVJKwdkA\\xf61C\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-376544"
},
{
"db": "PACKETSTORM",
"id": "162820"
},
{
"db": "PACKETSTORM",
"id": "162821"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1884",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "162820",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013511",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1408.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1794",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052502",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042704",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1950",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162821",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-376544",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1884",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376544"
},
{
"db": "VULMON",
"id": "CVE-2021-1884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"db": "PACKETSTORM",
"id": "162820"
},
{
"db": "PACKETSTORM",
"id": "162821"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1950"
},
{
"db": "NVD",
"id": "CVE-2021-1884"
}
]
},
"id": "VAR-202109-0372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376544"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:16:08.678000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212530 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT212317"
},
{
"title": "Apple macOS Repair measures for the competition condition problem loophole",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148627"
},
{
"title": "Apple: macOS Big Sur 11.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c631c09ebe15d0799205eda727cdfeb3"
},
{
"title": "pocs",
"trust": 0.1,
"url": "https://github.com/gabe-k/pocs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1950"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.1
},
{
"problemtype": "Race condition (CWE-362) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376544"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"db": "NVD",
"id": "CVE-2021-1884"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212317"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212323"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212324"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212325"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212530"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212531"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1884"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162820/apple-security-advisory-2021-05-25-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1408.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1794"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052502"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35171"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042704"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36228"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36222"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30669"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36221"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36225"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30676"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36226"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36224"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36229"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36223"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30679"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30693"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30678"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30687"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36230"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30681"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36227"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30683"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30691"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30692"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1883"
},
{
"trust": 0.1,
"url": "https://github.com/gabe-k/pocs"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht212325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30685"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212530."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30694"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212531."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30690"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376544"
},
{
"db": "VULMON",
"id": "CVE-2021-1884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"db": "PACKETSTORM",
"id": "162820"
},
{
"db": "PACKETSTORM",
"id": "162821"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1950"
},
{
"db": "NVD",
"id": "CVE-2021-1884"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376544"
},
{
"db": "VULMON",
"id": "CVE-2021-1884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"db": "PACKETSTORM",
"id": "162820"
},
{
"db": "PACKETSTORM",
"id": "162821"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1950"
},
{
"db": "NVD",
"id": "CVE-2021-1884"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-376544"
},
{
"date": "2022-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"date": "2021-05-26T17:46:02",
"db": "PACKETSTORM",
"id": "162820"
},
{
"date": "2021-05-26T17:46:16",
"db": "PACKETSTORM",
"id": "162821"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1950"
},
{
"date": "2021-09-08T15:15:12.567000",
"db": "NVD",
"id": "CVE-2021-1884"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-376544"
},
{
"date": "2022-09-14T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2021-013511"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1950"
},
{
"date": "2023-01-09T16:41:59.350000",
"db": "NVD",
"id": "CVE-2021-1884"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-1950"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Apple\u00a0 Product race condition vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013511"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.