From 5bd5febe9a3802b5778b9d9260a4b0f1e5a84ffe Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Dec 2021 21:01:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/30xxx/CVE-2021-30965.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30967.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30968.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30969.json | 67 ++++++++++++++++- 2021/30xxx/CVE-2021-30971.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30973.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30975.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30976.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30977.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30979.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30980.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30981.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30982.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30983.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30984.json | 115 ++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30985.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30986.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30987.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30988.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30990.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30991.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30992.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30993.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30995.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30996.json | 67 ++++++++++++++++- 2021/3xxx/CVE-2021-3621.json | 55 +++++++++++++- 2021/3xxx/CVE-2021-3622.json | 70 +++++++++++++++++- 2021/45xxx/CVE-2021-45470.json | 72 ++++++++++++++++++ 28 files changed, 2143 insertions(+), 81 deletions(-) create mode 100644 2021/45xxx/CVE-2021-45470.json diff --git a/2021/30xxx/CVE-2021-30965.json b/2021/30xxx/CVE-2021-30965.json index 8d16b9f9d2c..a631cddd4a5 100644 --- a/2021/30xxx/CVE-2021-30965.json +++ b/2021/30xxx/CVE-2021-30965.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30965", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to cause a denial of service to Endpoint Security clients" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to cause a denial of service to Endpoint Security clients." } ] } diff --git a/2021/30xxx/CVE-2021-30967.json b/2021/30xxx/CVE-2021-30967.json index b4286ab03a3..da34e1a41e2 100644 --- a/2021/30xxx/CVE-2021-30967.json +++ b/2021/30xxx/CVE-2021-30967.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30967", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local attacker may be able to read sensitive information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A local attacker may be able to read sensitive information." } ] } diff --git a/2021/30xxx/CVE-2021-30968.json b/2021/30xxx/CVE-2021-30968.json index 505651f6a7a..ce0a7f70a16 100644 --- a/2021/30xxx/CVE-2021-30968.json +++ b/2021/30xxx/CVE-2021-30968.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30968", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to bypass certain Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences." } ] } diff --git a/2021/30xxx/CVE-2021-30969.json b/2021/30xxx/CVE-2021-30969.json index 0897f051b47..900f231caa8 100644 --- a/2021/30xxx/CVE-2021-30969.json +++ b/2021/30xxx/CVE-2021-30969.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30969", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk." } ] } diff --git a/2021/30xxx/CVE-2021-30971.json b/2021/30xxx/CVE-2021-30971.json index d987592d335..424daefd8aa 100644 --- a/2021/30xxx/CVE-2021-30971.json +++ b/2021/30xxx/CVE-2021-30971.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30971", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30973.json b/2021/30xxx/CVE-2021-30973.json index bc82cca907c..d891479ef2f 100644 --- a/2021/30xxx/CVE-2021-30973.json +++ b/2021/30xxx/CVE-2021-30973.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30973", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted file may disclose user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted file may disclose user information." } ] } diff --git a/2021/30xxx/CVE-2021-30975.json b/2021/30xxx/CVE-2021-30975.json index 0c402090c07..66c0f34e72f 100644 --- a/2021/30xxx/CVE-2021-30975.json +++ b/2021/30xxx/CVE-2021-30975.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30975", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions." } ] } diff --git a/2021/30xxx/CVE-2021-30976.json b/2021/30xxx/CVE-2021-30976.json index b566503566d..872e76df716 100644 --- a/2021/30xxx/CVE-2021-30976.json +++ b/2021/30xxx/CVE-2021-30976.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30976", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may bypass Gatekeeper checks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks." } ] } diff --git a/2021/30xxx/CVE-2021-30977.json b/2021/30xxx/CVE-2021-30977.json index 3aed6c2ed45..1673d25ae5c 100644 --- a/2021/30xxx/CVE-2021-30977.json +++ b/2021/30xxx/CVE-2021-30977.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30977", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30979.json b/2021/30xxx/CVE-2021-30979.json index 94687477074..8c3129f4782 100644 --- a/2021/30xxx/CVE-2021-30979.json +++ b/2021/30xxx/CVE-2021-30979.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30979", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30980.json b/2021/30xxx/CVE-2021-30980.json index e37c039ab0c..afdac4db0ef 100644 --- a/2021/30xxx/CVE-2021-30980.json +++ b/2021/30xxx/CVE-2021-30980.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30980", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30981.json b/2021/30xxx/CVE-2021-30981.json index 01d7b5f1c2b..893b6918bf5 100644 --- a/2021/30xxx/CVE-2021-30981.json +++ b/2021/30xxx/CVE-2021-30981.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30981", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30982.json b/2021/30xxx/CVE-2021-30982.json index bfb05cc854d..409bd3d4b43 100644 --- a/2021/30xxx/CVE-2021-30982.json +++ b/2021/30xxx/CVE-2021-30982.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30982", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected application termination or heap corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A remote attacker may be able to cause unexpected application termination or heap corruption." } ] } diff --git a/2021/30xxx/CVE-2021-30983.json b/2021/30xxx/CVE-2021-30983.json index 4939c419671..f6b909c28f9 100644 --- a/2021/30xxx/CVE-2021-30983.json +++ b/2021/30xxx/CVE-2021-30983.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30983", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30984.json b/2021/30xxx/CVE-2021-30984.json index e4caf247782..2decc9d70e1 100644 --- a/2021/30xxx/CVE-2021-30984.json +++ b/2021/30xxx/CVE-2021-30984.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30984", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212982", + "name": "https://support.apple.com/en-us/HT212982" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30985.json b/2021/30xxx/CVE-2021-30985.json index debc246af6b..a0b987eadf0 100644 --- a/2021/30xxx/CVE-2021-30985.json +++ b/2021/30xxx/CVE-2021-30985.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30985", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30986.json b/2021/30xxx/CVE-2021-30986.json index f125bfde9a8..9d51e631670 100644 --- a/2021/30xxx/CVE-2021-30986.json +++ b/2021/30xxx/CVE-2021-30986.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30986", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A device may be passively tracked by its Bluetooth MAC address" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A device configuration issue was addressed with an updated configuration. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked by its Bluetooth MAC address." } ] } diff --git a/2021/30xxx/CVE-2021-30987.json b/2021/30xxx/CVE-2021-30987.json index 7eb64064322..d828daaefbe 100644 --- a/2021/30xxx/CVE-2021-30987.json +++ b/2021/30xxx/CVE-2021-30987.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30987", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A device may be passively tracked via BSSIDs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked via BSSIDs." } ] } diff --git a/2021/30xxx/CVE-2021-30988.json b/2021/30xxx/CVE-2021-30988.json index 90db6da1612..3ad7439a801 100644 --- a/2021/30xxx/CVE-2021-30988.json +++ b/2021/30xxx/CVE-2021-30988.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30988", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to identify what other applications a user has installed" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed." } ] } diff --git a/2021/30xxx/CVE-2021-30990.json b/2021/30xxx/CVE-2021-30990.json index c36dc481e72..3c1a96fbf8e 100644 --- a/2021/30xxx/CVE-2021-30990.json +++ b/2021/30xxx/CVE-2021-30990.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30990", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may bypass Gatekeeper checks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks." } ] } diff --git a/2021/30xxx/CVE-2021-30991.json b/2021/30xxx/CVE-2021-30991.json index 60e3ac8e309..810d5ef4ad2 100644 --- a/2021/30xxx/CVE-2021-30991.json +++ b/2021/30xxx/CVE-2021-30991.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30991", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30992.json b/2021/30xxx/CVE-2021-30992.json index 78a626de528..875bfcaf136 100644 --- a/2021/30xxx/CVE-2021-30992.json +++ b/2021/30xxx/CVE-2021-30992.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30992", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata." } ] } diff --git a/2021/30xxx/CVE-2021-30993.json b/2021/30xxx/CVE-2021-30993.json index 8325a3fa752..cb6ba8c78ec 100644 --- a/2021/30xxx/CVE-2021-30993.json +++ b/2021/30xxx/CVE-2021-30993.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30993", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker in a privileged network position may be able to execute arbitrary code" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network position may be able to execute arbitrary code." } ] } diff --git a/2021/30xxx/CVE-2021-30995.json b/2021/30xxx/CVE-2021-30995.json index cd3571ccd20..9b1bbc2aaf1 100644 --- a/2021/30xxx/CVE-2021-30995.json +++ b/2021/30xxx/CVE-2021-30995.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30995", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to elevate privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30996.json b/2021/30xxx/CVE-2021-30996.json index 843fee41dfb..67740092a3c 100644 --- a/2021/30xxx/CVE-2021-30996.json +++ b/2021/30xxx/CVE-2021-30996.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30996", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/3xxx/CVE-2021-3621.json b/2021/3xxx/CVE-2021-3621.json index f8af5c9728d..33c9ba6409f 100644 --- a/2021/3xxx/CVE-2021-3621.json +++ b/2021/3xxx/CVE-2021-3621.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "sssd", + "version": { + "version_data": [ + { + "version_value": "sssd 2.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sssd.io/release-notes/sssd-2.6.0.html", + "url": "https://sssd.io/release-notes/sssd-2.6.0.html" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1975142", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975142" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." } ] } diff --git a/2021/3xxx/CVE-2021-3622.json b/2021/3xxx/CVE-2021-3622.json index b2b2e82571a..236c6547c96 100644 --- a/2021/3xxx/CVE-2021-3622.json +++ b/2021/3xxx/CVE-2021-3622.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "hivex", + "version": { + "version_data": [ + { + "version_value": "hivex-1.3.21" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FEDORA", + "name": "FEDORA-2021-372d83d54e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USD4OEV6L3RPHE32V2MJ4JPFBODINWSU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-775b170f95", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S35TVTAPHORSUIFYNFBHKLQRPVFUPXBE/" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1975489", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975489" + }, + { + "refsource": "MISC", + "name": "https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255", + "url": "https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255" + }, + { + "refsource": "MISC", + "name": "https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html", + "url": "https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability." } ] } diff --git a/2021/45xxx/CVE-2021-45470.json b/2021/45xxx/CVE-2021-45470.json new file mode 100644 index 00000000000..85e8646eda0 --- /dev/null +++ b/2021/45xxx/CVE-2021-45470.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-45470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cve-search/cve-search/pull/629", + "refsource": "MISC", + "name": "https://github.com/cve-search/cve-search/pull/629" + }, + { + "url": "https://github.com/cve-search/cve-search/commit/c621f9f0693a728b93ff3b964f948a1d25917207", + "refsource": "MISC", + "name": "https://github.com/cve-search/cve-search/commit/c621f9f0693a728b93ff3b964f948a1d25917207" + }, + { + "url": "https://github.com/cve-search/cve-search/compare/v4.0...v4.1.0", + "refsource": "MISC", + "name": "https://github.com/cve-search/cve-search/compare/v4.0...v4.1.0" + } + ] + } +} \ No newline at end of file