VARIoT IoT vulnerabilities database

VAR-202101-1836 | CVE-2021-3186 | Tenda AC5 AC1200 Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.4 Severity: MEDIUM |
A stored cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. Tenda AC5 AC1200 contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Tenda AC5 is an AC1200 smart dual-band WiFi router.
VAR-202101-0897 | CVE-2021-22653 | V-Simulator and V-Server Lite Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite are vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment.
Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds write vulnerability, which can be exploited by attackers to execute arbitrary code.
VAR-202101-0898 | CVE-2021-22655 | V-Simulator and V-Server Lite Out-of-bounds read vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite are vulnerable to an out-of-bounds read. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment.
Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds read vulnerability. Attackers can use this vulnerability to execute arbitrary code.
VAR-202102-0479 | CVE-2021-20638 | Multiple vulnerabilities in multiple Logitec products |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: Medium |
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd.:
- Improper restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635
- Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641
- Improper check or handling of exceptional conditions (CWE-703) - CVE-2021-20637, CVE-2021-20642
- OS command injection (CWE-78) - CVE-2021-20638
- OS command injection (CWE-78) - CVE-2021-20639
- Buffer overflow (CWE-119) - CVE-2021-20640
CVE-2021-20635: This vulnerability information is based on the Information Security Early Warning Partnership. It was reported to IPA, and JPCERT/CC coordinated with the developer. Reporter: Kanagawa Institute of Technology, Mr. Minegishi Takaaki and Mr. Okamoto Tsuyoshi.
CVE-2021-20636, CVE-2021-20637, CVE-2021-20642: This vulnerability information is based on the Information Security Early Warning Partnership. It was reported to IPA, and JPCERT/CC coordinated with the developer. Reporter: LAC Co., Ltd., Mr. Shuto Kono.
CVE-2021-20638, CVE-2021-20639, CVE-2021-20640: This vulnerability information is based on the Information Security Early Warning Partnership. It was reported to IPA, and JPCERT/CC coordinated with the developer. Reporter: Mitsui Bussan Secure Direction Co., Ltd., Mr. Tsukamoto Taizo.
CVE-2021-20641: This vulnerability information is based on the Information Security Early Warning Partnership. It was reported to IPA, and JPCERT/CC coordinated with the developer. Reporter: LAC Co., Ltd., Mr. Shuto Kono, and Techmatrix Corporation, Mr. Atsuo Sakurai.
The expected impact depends on each vulnerability, but may include the following:
- The PIN may be decrypted by a third party within reach of the device's wireless LAN, and the network provided by the device may be accessed - CVE-2021-20635
- A user logged in to the product's web admin page may unintentionally change the settings of the product by accessing a crafted URL - CVE-2021-20636, CVE-2021-20641
- A user logged in to the product's web admin page may cause a denial of service (DoS) by accessing a crafted URL - CVE-2021-20637, CVE-2021-20642
- An attacker with access to the product's web admin page may execute arbitrary OS commands - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640
LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device.
LOGITEC CORPORATION LAN-W300N/PGRB has an operating system command injection vulnerability.
VAR-202102-0480 | CVE-2021-20639 | LOGITEC CORPORATION LAN-W300N/PGRB operating system command injection vulnerability |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: Medium |
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd.:
- Improper restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635
- Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641
- Improper check or handling of exceptional conditions (CWE-703) - CVE-2021-20637, CVE-2021-20642
- OS command injection (CWE-78) - CVE-2021-20638
- OS command injection (CWE-78) - CVE-2021-20639
- Buffer overflow (CWE-119) - CVE-2021-20640
CVE-2021-20635: This vulnerability information is based on the Information Security Early Warning Partnership. It was reported to IPA, and JPCERT/CC coordinated with the developer. Reporter: Kanagawa Institute of Technology, Mr. Minegishi Takaaki and Mr. Okamoto Tsuyoshi.
CVE-2021-20636, CVE-2021-20637, CVE-2021-20642: This vulnerability information is based on the Information Security Early Warning Partnership. It was reported to IPA, and JPCERT/CC coordinated with the developer. Reporter: LAC Co., Ltd., Mr. Shuto Kono.
CVE-2021-20638, CVE-2021-20639, CVE-2021-20640: This vulnerability information is based on the Information Security Early Warning Partnership. It was reported to IPA, and JPCERT/CC coordinated with the developer. Reporter: Mitsui Bussan Secure Direction Co., Ltd., Mr. Tsukamoto Taizo.
CVE-2021-20641: This vulnerability information is based on the Information Security Early Warning Partnership. It was reported to IPA, and JPCERT/CC coordinated with the developer. Reporter: LAC Co., Ltd., Mr. Shuto Kono, and Techmatrix Corporation, Mr. Atsuo Sakurai.
The expected impact depends on each vulnerability, but may include the following:
- The PIN may be decrypted by a third party within reach of the device's wireless LAN, and the network provided by the device may be accessed - CVE-2021-20635
- A user logged in to the product's web admin page may unintentionally change the settings of the product by accessing a crafted URL - CVE-2021-20636, CVE-2021-20641
- A user logged in to the product's web admin page may cause a denial of service (DoS) by accessing a crafted URL - CVE-2021-20637, CVE-2021-20642
- An attacker with access to the product's web admin page may execute arbitrary OS commands - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640
LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device.
LOGITEC CORPORATION LAN-W300N/PGRB has an operating system command injection vulnerability.
VAR-202101-1926 | CVE-2021-3156 | Sensormatic Electronics Made Illustra Vulnerability related to judgment of boundary conditions |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Illustra, from Sensormatic Electronics Company (a Johnson Controls subsidiary), is a surveillance and security camera system. Illustra contains an off-by-one error vulnerability (CWE-193, CVE-2021-3156). Under certain conditions, a third party can obtain administrator privileges on the Linux operating system installed in the product.
Relevant releases/architectures:
RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch
3. These packages include redhat-release-virtualization-host,
ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user
interface for monitoring the host's resources and performing administrative
tasks.
Bug Fix(es):
* Previously, the Red Hat Virtualization Host (RHV-H) repository
(rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package,
which is a dependency for the sssd-ad package. Consequently, the sssd-ad
package failed to install.
With this update, the libsmbclient is now in the RHV-H repository, and
sssd-ad now installs on RHV-H. (BZ#1868967)
4. Bugs fixed (https://bugzilla.redhat.com/):
1850939 - Hosted engine deployment does not properly show iSCSI LUN errors
1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel
1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
1902315 - Rebase RHV-H 4.4 to RHV 4.4.4
1902646 - ssh connection fails due to overly permissive openssh.config file permissions
1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError
1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed.
6 ELS) - i386, s390x, x86_64
3.
==========================================================================
Ubuntu Security Notice USN-4705-1
January 26, 2021
sudo vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Sudo. A local attacker could possibly use this issue to obtain unintended
access to the administrator account. (CVE-2021-3156)
It was discovered that the Sudo sudoedit utility incorrectly handled
checking directory permissions. A local attacker could possibly use this
issue to bypass file permissions and determine if a directory exists or
not. (CVE-2021-23239)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
sudo 1.9.1-1ubuntu1.1
sudo-ldap 1.9.1-1ubuntu1.1
Ubuntu 20.04 LTS:
sudo 1.8.31-1ubuntu1.2
sudo-ldap 1.8.31-1ubuntu1.2
Ubuntu 18.04 LTS:
sudo 1.8.21p2-3ubuntu1.4
sudo-ldap 1.8.21p2-3ubuntu1.4
Ubuntu 16.04 LTS:
sudo 1.8.16-0ubuntu1.10
sudo-ldap 1.8.16-0ubuntu1.10
In general, a standard system update will make all the necessary changes.
====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0223-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0223
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source:
sudo-1.8.23-3.el7_6.2.src.rpm
x86_64:
sudo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64:
sudo-debuginfo-1.8.23-3.el7_6.2.i686.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-devel-1.8.23-3.el7_6.2.i686.rpm
sudo-devel-1.8.23-3.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
sudo-1.8.23-3.el7_6.2.src.rpm
ppc64:
sudo-1.8.23-3.el7_6.2.ppc64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64.rpm
ppc64le:
sudo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
s390x:
sudo-1.8.23-3.el7_6.2.s390x.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
x86_64:
sudo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source:
sudo-1.8.23-3.el7_6.2.src.rpm
aarch64:
sudo-1.8.23-3.el7_6.2.aarch64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.aarch64.rpm
ppc64le:
sudo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
s390x:
sudo-1.8.23-3.el7_6.2.s390x.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64.rpm
ppc64le:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64le.rpm
s390x:
sudo-debuginfo-1.8.23-3.el7_6.2.s390.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
sudo-devel-1.8.23-3.el7_6.2.s390.rpm
sudo-devel-1.8.23-3.el7_6.2.s390x.rpm
x86_64:
sudo-debuginfo-1.8.23-3.el7_6.2.i686.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-devel-1.8.23-3.el7_6.2.i686.rpm
sudo-devel-1.8.23-3.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64:
sudo-debuginfo-1.8.23-3.el7_6.2.aarch64.rpm
sudo-devel-1.8.23-3.el7_6.2.aarch64.rpm
ppc64le:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64le.rpm
s390x:
sudo-debuginfo-1.8.23-3.el7_6.2.s390.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
sudo-devel-1.8.23-3.el7_6.2.s390.rpm
sudo-devel-1.8.23-3.el7_6.2.s390x.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
. 8) - aarch64, ppc64le, s390x, x86_64
3
VAR-202101-1249 | CVE-2020-36230 | OpenLDAP Reachable assertion vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. OpenLDAP contains a reachable assertion vulnerability. It may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. An attacker could exploit this vulnerability to cause a denial of service.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-------------------------------------------------------------------------
Debian Security Advisory DSA-4845-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 03, 2021 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openldap
CVE ID : CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224
CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228
CVE-2020-36229 CVE-2020-36230
Several vulnerabilities were discovered in OpenLDAP, a free
implementation of the Lightweight Directory Access Protocol. An
unauthenticated remote attacker can take advantage of these flaws to
cause a denial of service (slapd daemon crash, infinite loops) via
specially crafted packets.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages
VAR-202101-1245 | CVE-2020-36226 | OpenLDAP Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. OpenLDAP contains an unspecified vulnerability. A denial of service (DoS) condition may result. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. The vulnerability stems from a miscalculation of memch->bv_len and a crash during saslAuthzTo processing. An attacker could exploit this vulnerability to cause a denial of service.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-------------------------------------------------------------------------
Debian Security Advisory DSA-4845-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 03, 2021 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openldap
CVE ID : CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224
CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228
CVE-2020-36229 CVE-2020-36230
Several vulnerabilities were discovered in OpenLDAP, a free
implementation of the Lightweight Directory Access Protocol. An
unauthenticated remote attacker can take advantage of these flaws to
cause a denial of service (slapd daemon crash, infinite loops) via
specially crafted packets.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages
VAR-202101-1244 | CVE-2020-36225 | OpenLDAP Double release vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. OpenLDAP contains a double free vulnerability. A denial of service (DoS) condition may result. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-4724-1
February 08, 2021
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. (CVE-2020-36223)
It was discovered that OpenLDAP incorrectly handled certain cancel
operations. (CVE-2020-36227)
It was discovered that OpenLDAP incorrectly handled Certificate List
Extract Assertion processing. (CVE-2020-36228)
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. (CVE-2020-36229, CVE-2020-36230)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
slapd 2.4.53+dfsg-1ubuntu1.3
Ubuntu 20.04 LTS:
slapd 2.4.49+dfsg-2ubuntu1.6
Ubuntu 18.04 LTS:
slapd 2.4.45+dfsg-1ubuntu1.9
Ubuntu 16.04 LTS:
slapd 2.4.42+dfsg-2ubuntu3.12
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages
VAR-202101-1243 | CVE-2020-36224 | OpenLDAP Vulnerability in releasing invalid pointers and references in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. OpenLDAP contains a vulnerability in the release of invalid pointers and references. It may be put into a denial of service (DoS) state. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. An attacker could exploit this vulnerability to cause a denial of service.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-------------------------------------------------------------------------
Debian Security Advisory DSA-4845-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 03, 2021                     https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package        : openldap
CVE ID         : CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224
                 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228
                 CVE-2020-36229 CVE-2020-36230
Several vulnerabilities were discovered in OpenLDAP, a free
implementation of the Lightweight Directory Access Protocol. An
unauthenticated remote attacker can take advantage of these flaws to
cause a denial of service (slapd daemon crash, infinite loops) via
specially crafted packets.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages
VAR-202101-1247 | CVE-2020-36228 | OpenLDAP Integer underflow vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. OpenLDAP contains an integer underflow vulnerability. It may be put into a denial of service (DoS) state. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There is a denial of service vulnerability in OpenLDAP versions prior to 2.4.57.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of
Ant-financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-4724-1
February 08, 2021
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenLDAP. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. (CVE-2020-36223)
It was discovered that OpenLDAP incorrectly handled certain cancel
operations. (CVE-2020-36228)
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. (CVE-2020-36229, CVE-2020-36230)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
slapd 2.4.53+dfsg-1ubuntu1.3
Ubuntu 20.04 LTS:
slapd 2.4.49+dfsg-2ubuntu1.6
Ubuntu 18.04 LTS:
slapd 2.4.45+dfsg-1ubuntu1.9
Ubuntu 16.04 LTS:
slapd 2.4.42+dfsg-2ubuntu3.12
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages.
VAR-202101-1241 | CVE-2020-36222 | OpenLDAP Reachable assertion vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. OpenLDAP contains a reachable assertion vulnerability. It may be put into a denial of service (DoS) state. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. An attacker could exploit this vulnerability to cause a denial of service.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of
Ant-financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-------------------------------------------------------------------------
Debian Security Advisory DSA-4845-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 03, 2021 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openldap
CVE ID : CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224
CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228
CVE-2020-36229 CVE-2020-36230
Several vulnerabilities were discovered in OpenLDAP, a free
implementation of the Lightweight Directory Access Protocol. An
unauthenticated remote attacker can take advantage of these flaws to
cause a denial of service (slapd daemon crash, infinite loops) via
specially crafted packets.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages.
VAR-202101-1248 | CVE-2020-36229 | OpenLDAP Vulnerability regarding mistyping in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. OpenLDAP contains a mistyping vulnerability. It may be put into a denial of service (DoS) state. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-4724-1
February 08, 2021
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. (CVE-2020-36223)
It was discovered that OpenLDAP incorrectly handled certain cancel
operations. (CVE-2020-36227)
It was discovered that OpenLDAP incorrectly handled Certificate List
Extract Assertion processing. (CVE-2020-36229, CVE-2020-36230)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
slapd 2.4.53+dfsg-1ubuntu1.3
Ubuntu 20.04 LTS:
slapd 2.4.49+dfsg-2ubuntu1.6
Ubuntu 18.04 LTS:
slapd 2.4.45+dfsg-1ubuntu1.9
Ubuntu 16.04 LTS:
slapd 2.4.42+dfsg-2ubuntu3.12
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages.
VAR-202101-1246 | CVE-2020-36227 | OpenLDAP Infinite loop vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-4724-1
February 08, 2021
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. (CVE-2020-36227)
It was discovered that OpenLDAP incorrectly handled Certificate List
Extract Assertion processing. (CVE-2020-36228)
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. (CVE-2020-36229, CVE-2020-36230)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
slapd 2.4.53+dfsg-1ubuntu1.3
Ubuntu 20.04 LTS:
slapd 2.4.49+dfsg-2ubuntu1.6
Ubuntu 18.04 LTS:
slapd 2.4.45+dfsg-1ubuntu1.9
Ubuntu 16.04 LTS:
slapd 2.4.42+dfsg-2ubuntu3.12
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages.
VAR-202101-1242 | CVE-2020-36223 | OpenLDAP Out-of-bounds read vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). OpenLDAP contains out-of-bounds read and double free vulnerabilities. A denial of service (DoS) condition may result. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-4724-1
February 08, 2021
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. (CVE-2020-36223)
It was discovered that OpenLDAP incorrectly handled certain cancel
operations. (CVE-2020-36227)
It was discovered that OpenLDAP incorrectly handled Certificate List
Extract Assertion processing. (CVE-2020-36228)
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. (CVE-2020-36229, CVE-2020-36230)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
slapd 2.4.53+dfsg-1ubuntu1.3
Ubuntu 20.04 LTS:
slapd 2.4.49+dfsg-2ubuntu1.6
Ubuntu 18.04 LTS:
slapd 2.4.45+dfsg-1ubuntu1.9
Ubuntu 16.04 LTS:
slapd 2.4.42+dfsg-2ubuntu3.12
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages.
VAR-202101-1240 | CVE-2020-36221 | OpenLDAP Integer underflow vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). OpenLDAP contains an integer underflow vulnerability. A denial of service (DoS) condition may result. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57.
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu (@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of
Ant-financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-4724-1
February 08, 2021
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenLDAP. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. (CVE-2020-36223)
It was discovered that OpenLDAP incorrectly handled certain cancel
operations.
(CVE-2020-36228)
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. (CVE-2020-36229, CVE-2020-36230)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
slapd 2.4.53+dfsg-1ubuntu1.3
Ubuntu 20.04 LTS:
slapd 2.4.49+dfsg-2ubuntu1.6
Ubuntu 18.04 LTS:
slapd 2.4.45+dfsg-1ubuntu1.9
Ubuntu 16.04 LTS:
slapd 2.4.42+dfsg-2ubuntu3.12
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages
VAR-202101-0495 | CVE-2020-28999 | Geeni GNC-CW013 Trust Management Issue Vulnerability |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service.
VAR-202101-0394 | CVE-2020-27542 | Rostelecom CS-C2SHW In OS Command injection vulnerability |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads its configuration (including network settings) from a QR code. The static IP configuration from the QR code is copied to the file /config/ip-static, and after reboot the data from this file is inserted into a bash command without any escaping, so bash injection is possible. The camera doesn't parse QR codes if it's already successfully configured. The camera is always rebooted after successful configuration via QR code. Rostelecom CS-C2SHW has an OS command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202101-0391 | CVE-2020-27539 | Rostelecom CS-C2SHW Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. The AgentUpdater service has a self-written HTTP parser and builder. The HTTP parser has a heap buffer overflow (OOB write). In the default configuration the camera parses responses only from HTTPS URLs from the config file, so the vulnerable code is unreachable and one more bug is required to reach it. Rostelecom CS-C2SHW is vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202101-1980 | No CVE | INHECO On Deck Thermal Cycler 8100100 has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
On Deck Thermal Cycler 8100100 is a temperature controller produced by INHECO, Germany, which supports Ethernet communication.
INHECO On Deck Thermal Cycler 8100100 has a denial of service vulnerability. Attackers can use this vulnerability to initiate a denial of service attack.