ID

VAR-202110-0332


CVE

CVE-2021-30807


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2021-013781

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Multiple Apple products contain unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iPadOS is an operating system for iPad tablet computers developed by Apple. The affected products and versions are as follows: Apple iPadOS 11.5.1, iOS 14.7.1, iPadOS 14.7.1

Trust: 2.34

sources: NVD: CVE-2021-30807 // JVNDB: JVNDB-2021-013781 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390540 // VULMON: CVE-2021-30807

AFFECTED PRODUCTS

vendor: apple, model: watchos, scope: lt, version: 7.6.1

Trust: 1.0

vendor: apple, model: ipad os, scope: lt, version: 14.7.1

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.5.1

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 14.7.1

Trust: 1.0

vendor: アップル, model: ipados, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ios, scope: -, version: -

Trust: 0.8

vendor: アップル, model: watchos, scope: -, version: -

Trust: 0.8

vendor: アップル, model: macos, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013781 // NVD: CVE-2021-30807

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-30807
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-2067
value: HIGH

Trust: 0.6

VULHUB: VHN-390540
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2021-30807
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-390540
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-30807
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390540 // JVNDB: JVNDB-2021-013781 // NVD: CVE-2021-30807 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2067

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013781 // NVD: CVE-2021-30807

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-2067

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-30807

PATCH

title: HT212623 Apple Security update, url: https://support.apple.com/en-us/ht212622

Trust: 0.8

title: Apple iPadOS Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=157767

Trust: 0.6

title: Apple: iOS 14.7.1 and iPadOS 14.7.1, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=7a74df613826ade9296a4465a191b36f

Trust: 0.1

sources: VULMON: CVE-2021-30807 // JVNDB: JVNDB-2021-013781 // CNNVD: CNNVD-202107-2067

EXTERNAL IDS

db: NVD, id: CVE-2021-30807

Trust: 3.4

db: JVNDB, id: JVNDB-2021-013781

Trust: 0.8

db: CNNVD, id: CNNVD-202107-2067

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021072921

Trust: 0.6

db: CS-HELP, id: SB2021072626

Trust: 0.6

db: VULHUB, id: VHN-390540

Trust: 0.1

db: VULMON, id: CVE-2021-30807

Trust: 0.1

sources: VULHUB: VHN-390540 // VULMON: CVE-2021-30807 // JVNDB: JVNDB-2021-013781 // NVD: CVE-2021-30807 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2067

REFERENCES

url:https://support.apple.com/en-us/ht212623

Trust: 2.3

url:https://support.apple.com/en-us/ht212713

Trust: 2.3

url:https://support.apple.com/en-us/ht212622

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30807

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072626

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072921

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-memory-corruption-36003

Trust: 0.6

url:https://github.com/saaramar/iomobileframebuffer_lpe_poc

Trust: 0.1

url:https://support.apple.com/tr-tr/ht212623

Trust: 0.1

url:https://support.apple.com/kb/ht212623

Trust: 0.1

sources: VULHUB: VHN-390540 // VULMON: CVE-2021-30807 // JVNDB: JVNDB-2021-013781 // NVD: CVE-2021-30807 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2067

SOURCES

db: VULHUB, id: VHN-390540
db: VULMON, id: CVE-2021-30807
db: JVNDB, id: JVNDB-2021-013781
db: NVD, id: CVE-2021-30807
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-2067

LAST UPDATE DATE

2023-12-18T11:28:59.433000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390540, date: 2021-10-20T00:00:00
db: JVNDB, id: JVNDB-2021-013781, date: 2022-09-28T01:36:00
db: NVD, id: CVE-2021-30807, date: 2023-08-08T14:21:49.707
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-2067, date: 2021-10-27T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390540, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2021-013781, date: 2022-09-28T00:00:00
db: NVD, id: CVE-2021-30807, date: 2021-10-19T14:15:08.313
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-2067, date: 2021-07-26T00:00:00