(800) 989-2647

[email protected]

Security Advisories

Apple Products Could Allow for Arbitrary Code Execution

Fortify Security Team
Dec 14, 2021

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

  • iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
  • iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
  • macOS Monterey is the 18th and current major release of macOS.
  • macOS Big Sur is the 17th release of macOS.
  • macOS Catalina is the 16th major release of macOS
  • watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
  • tvOS is an operating system for fourth-generation Apple TV digital media player.

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

THREAT INTELLIGENCE: There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • iOS and iPadOS prior to 15.2
  • macOS Monterey prior to 12.1
  • macOS Big Sur prior to 11.6.2
  • macOS Catalina prior to security update 2021-008
  • watchOS prior to 8.3
  • tvOS prior to 15.2

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution in the context of the affected user. Details of these vulnerabilities are as follows:

  • iOS 15.2 and iPadOS 15.2
    • Audio
      • Parsing a maliciously crafted audio file may lead to disclosure of user information. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30960)
    • CFNetwork Profiles
      • User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. A logic issue was addressed with improved state management. (CVE-2021-30966)
    • ColorSync
      • Processing a maliciously crafted image may lead to arbitrary code execution. A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. (CVE-2021-30926, CVE-2021-30942)
    • CoreAudio
      • Processing a maliciously crafted audio file may lead to arbitrary code execution. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30957)
      • Playing a malicious audio file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30958)
    • Crash Reporter
      • A local attacker may be able to elevate their privileges. This issue was addressed with improved checks. (CVE-2021-30945)
    • FaceTime
      • A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata. This issue was addressed with improved handling of file metadata. (CVE-2021-30992)
    • ImageIO
      • Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30939)
    • IOMobileFrameBuffer
      • A malicious application may be able to execute arbitrary code with kernel privileges.
        1. A race condition was addressed with improved state handling. (CVE-2021-30996)
        2. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30983)
        3. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30985)
        4. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30991)
    • Kernel
      • A malicious application may be able to execute arbitrary code with kernel privileges.
        1. A use after free issue was addressed with improved memory management. (CVE-2021-30937)
        2. A memory corruption issue was addressed with improved state management. (CVE-2021-30949)
        3. A race condition was addressed with improved state handling. (CVE-2021-30955)
      • An application may be able to execute arbitrary code with kernel privileges. A use after free issue was addressed with improved memory management. (CVE-2021-30927, CVE-2021-30980)
      • An attacker in a privileged network position may be able to execute arbitrary code. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30993)
    • Model I/O
      • Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
        1. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30971)
        2. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30979)
      • Processing a maliciously crafted file may disclose user information. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30973)
      • Processing a maliciously crafted USD file may disclose memory contents.
        1. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30929)
        2. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30940, CVE-2021-30941)
    • NetworkExtension
      • A local attacker may be able to read sensitive information. A permissions issue was addressed with improved validation. (CVE-2021-30967)
      • A malicious application may be able to identify what other applications a user has installed. A permissions issue was addressed with improved validation. (CVE-2021-30988)
    • Notes
      • A person with physical access to an iOS device may be able to access contacts from the lock screen. The issue was addressed with improved permissions logic. (CVE-2021-30932)
    • Password Manager
      • A person with physical access to an iOS device may be able to access stored passwords without authentication. An inconsistent user interface issue was addressed with improved state management. (CVE-2021-30948)
    • Preferences
      • A malicious application may be able to elevate privileges. A race condition was addressed with improved state handling. (CVE-2021-30995)
    • Sandbox
      • A malicious application may be able to bypass certain Privacy preferences.
        1. A validation issue related to hard link behavior was addressed with improved sandbox restrictions. (CVE-2021-30968)
        2. A logic issue was addressed with improved restrictions. (CVE-2021-30946)
      • An application may be able to access a user’s files. An access issue was addressed with additional sandbox restrictions. (CVE-2021-30947)
    • TCC
      • A local user may be able to modify protected parts of the file system. A logic issue was addressed with improved state management. (CVE-2021-30767)
      • A malicious application may be able to bypass Privacy preferences. An inherited permissions issue was addressed with additional restrictions. (CVE-2021-30964)
    • WebKit
      • Processing maliciously crafted web content may lead to arbitrary code execution.
        1. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934)
        2. A use after free issue was addressed with improved memory management. (CVE-2021-30936, CVE-2021-30951)
        3. An integer overflow was addressed with improved input validation. (CVE-2021-30952)
        4. A race condition was addressed with improved state handling. (CVE-2021-30984)
        5. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30953)
        6. A type confusion issue was addressed with improved memory handling. (CVE-2021-30954)

macOS Monterey 12.1

    • Airport
      • A device may be passively tracked via BSSIDs. An access issue was addressed with improved access restrictions. (CVE-2021-30987)
    • Archive Utility
      • A malicious application may bypass Gatekeeper checks. A logic issue was addressed with improved state management. (CVE-2021-30950)
    • Audio
      • Parsing a maliciously crafted audio file may lead to disclosure of user information. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30960)
    • Bluetooth
      • A device may be passively tracked by its Bluetooth MAC address. A device configuration issue was addressed with an updated configuration. (CVE-2021-30986)
    • CFNetwork Proxies
      • User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. A logic issue was addressed with improved state management. (CVE-2021-30966)
    • ColorSync
      • Processing a maliciously crafted image may lead to arbitrary code execution. A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. (CVE-2021-30926, CVE-2021-30942)
    • CoreAudio
      • Processing a maliciously crafted audio file may lead to arbitrary code execution. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30957)
      • Playing a malicious audio file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30958)
    • Crash Reporter
      • A local attacker may be able to elevate their privileges. This issue was addressed with improved checks. (CVE-2021-30945)
    • Graphics Divers
      • A malicious application may be able to execute arbitrary code with kernel privileges. A buffer overflow was addressed with improved bounds checking. (CVE-2021-30977)
    • ImageIO
      • Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30939)
    • Intel Graphics Driver
      • An application may be able to execute arbitrary code with kernel privileges. A buffer overflow was addressed with improved bounds checking. (CVE-2021-30981)
    • IOMobileFrameBuffer
      • A malicious application may be able to execute arbitrary code with kernel privileges. A race condition was addressed with improved state handling. (CVE-2021-30996)
    • IOUSBHostFamily
      • A remote attacker may be able to cause unexpected application termination or heap corruption. A race condition was addressed with improved locking. (CVE-2021-30982)
    • Kernel
      • A malicious application may be able to execute arbitrary code with kernel privileges.
        1. A memory corruption vulnerability was addressed with improved locking. (CVE-2021-30937)
        2. A memory corruption issue was addressed with improved state management. (CVE-2021-30949)
        3. A race condition was addressed with improved state handling. (CVE-2021-30955)
      • An application may be able to execute arbitrary code with kernel privileges. A use after free issue was addressed with improved memory management. (CVE-2021-30927, CVE-2021-30980)
      • An attacker in a privileged network position may be able to execute arbitrary code. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30993)
    • LaunchServices
      • A malicious application may bypass Gatekeeper checks.
        1. A logic issue was addressed with improved state management. (CVE-2021-30976)
        2. A logic issue was addressed with improved validation. (CVE-2021-30990)
    • Model I/O
      • Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
        1. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30971)
        2. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30979)
      • Processing a maliciously crafted file may disclose user information. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30973)
      • Processing a maliciously crafted USD file may disclose memory contents.
        1. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30929)
        2. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30940, CVE-2021-30941)
    • Preferences
      • A malicious application may be able to elevate privileges. A race condition was addressed with improved state handling. (CVE-2021-30995)
    • Sandbox
      • A malicious application may be able to bypass certain Privacy preferences.
        1. A validation issue related to hard link behavior was addressed with improved sandbox restrictions. (CVE-2021-30968)
        2. A logic issue was addressed with improved restrictions. (CVE-2021-30946)
      • An application may be able to access a user’s files. An access issue was addressed with additional sandbox restrictions. (CVE-2021-30947)
    • Script Editor
      • A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. (CVE-2021-30975)
    • TCC
      • A local user may be able to modify protected parts of the file system. A logic issue was addressed with improved state management. (CVE-2021-30767)
      • A malicious application may be able to bypass Privacy preferences.
        1. An inherited permissions issue was addressed with additional restrictions. (CVE-2021-30964)
        2. A logic issue was addressed with improved state management. (CVE-2021-30970)
      • A malicious application may be able to cause a denial of service to Endpoint Security clients. A logic issue was addressed with improved state management. (CVE-2021-30965)
    • WebKit
      • Processing maliciously crafted web content may lead to arbitrary code execution.
        1. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934)
        2. A use after free issue was addressed with improved memory management. (CVE-2021-30936, CVE-2021-30951)
        3. An integer overflow was addressed with improved input validation. (CVE-2021-30952)
        4. A race condition was addressed with improved state handling. (CVE-2021-30984)
        5. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30953)
        6. A type confusion issue was addressed with improved memory handling. (CVE-2021-30954)
    • Wi-Fi
      • A local user may be able to cause unexpected system termination or read kernel memory. This issue was addressed with improved checks. (CVE-2021-30938)
  • macOS Big Sur 11.6.2 and 2021-008 Catalina
    • Archive Utility
      • A malicious application may bypass Gatekeeper checks. A logic issue was addressed with improved state management. (CVE-2021-30950)
    • Bluetooth
      • A malicious application may be able to disclose kernel memory. A logic issue was addressed with improved validation. (CVE-2021-30931)
      • An application may be able to execute arbitrary code with kernel privileges. A logic issue was addressed with improved validation. (CVE-2021-30935)
    • ColorSync
      • Processing a maliciously crafted image may lead to arbitrary code execution. A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. (CVE-2021-30942)
    • CoreAudio
      • Playing a malicious audio file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30958)
      • Parsing a maliciously crafted audio file may lead to disclosure of user information. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30959, CVE-2021-30961, CVE-2021-30963)
    • Crash Reporter
      • A local attacker may be able to elevate their privileges. This issue was addressed with improved checks. (CVE-2021-30945)
    • Graphics Drivers
      • A malicious application may be able to execute arbitrary code with kernel privileges. A buffer overflow was addressed with improved bounds checking. (CVE-2021-30977)
    • Help Viewer
      • Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk. A path handling issue was addressed with improved validation. (CVE-2021-30969)
    • ImageIO
      • Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30939)
    • Intel Graphics Driver
      • An application may be able to execute arbitrary code with kernel privileges. A buffer overflow was addressed with improved bounds checking. (CVE-2021-30981)
    • IOUSBHostFamily
      • A remote attacker may be able to cause unexpected application termination or heap corruption. A race condition was addressed with improved locking. (CVE-2021-30982)
    • Kernel
      • An application may be able to execute arbitrary code with kernel privileges. A use after free issue was addressed with improved memory management. (CVE-2021-30927, CVE-2021-30980)
      • A malicious application may be able to execute arbitrary code with kernel privileges.
        1. A memory corruption vulnerability was addressed with improved locking. (CVE-2021-30937)
        2. A memory corruption issue was addressed with improved state management. (CVE-2021-30949)
    • Launch Services
      • A malicious application may bypass Gatekeeper checks.
        1. A logic issue was addressed with improved validation. (CVE-2021-30990)
        2. A logic issue was addressed with improved state management. (CVE-2021-30976)
    • Model I/O
      • Processing a maliciously crafted USD file may disclose memory contents.
        1. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30929)
        2. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30940, CVE-2021-30941)
      • Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
        1. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30979)
        2. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30971)
      • Processing a maliciously crafted file may disclose user information. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30973)
    • Preferences
      • A malicious application may be able to elevate privileges. A race condition was addressed with improved state handling. (CVE-2021-30995)
    • Sandbox
      • A malicious application may be able to bypass certain Privacy preferences. A validation issue related to hard link behavior was addressed with improved sandbox restrictions. (CVE-2021-30968)
    • Script Editor
      • A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. (CVE-2021-30975)
    • TCC
      • A local user may be able to modify protected parts of the file system. A logic issue was addressed with improved state management. (CVE-2021-30767)
      • A malicious application may be able to cause a denial of service to Endpoint Security clients. A logic issue was addressed with improved state management. (CVE-2021-30965)
    • Wi-Fi
      • A local user may be able to cause unexpected system termination or read kernel memory. This issue was addressed with improved checks. (CVE-2021-30938)

WatchOS 8.3 and tvOS 15.2

    • Audio
      • Parsing a maliciously crafted audio file may lead to disclosure of user information. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30960)
    • CFNetwork Proxies
      • User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. A logic issue was addressed with improved state management. (CVE-2021-30966)
    • ColorSync
      • Processing a maliciously crafted image may lead to arbitrary code execution. A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. (CVE-2021-30926, CVE-2021-30942)
    • CoreAudio
      • Processing a maliciously crafted audio file may lead to arbitrary code execution. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30957)
      • Playing a malicious audio file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30958)
    • Crash Reporter
      • A local attacker may be able to elevate their privileges.
        1. This issue was addressed with improved checks. (CVE-2021-30945)
    • ImageIO
      • Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30939)
    • Kernel
      • A malicious application may be able to execute arbitrary code with kernel privileges.
        1. A memory corruption issue was addressed with improved memory handling. (CVE-2021-30916)
        2. A memory corruption vulnerability was addressed with improved locking. (CVE-2021-30937)
        3. A use after free issue was addressed with improved memory management. (CVE-2021-30927, CVE-2021-30980)
        4. A memory corruption issue was addressed with improved state management. (CVE-2021-30949)
      • An attacker in a privileged network position may be able to execute arbitrary code. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30993)
      • A malicious application may be able to execute arbitrary code with kernel privileges. A race condition was addressed with improved state handling. (CVE-2021-30955)
    • Preferences
      • A malicious application may be able to elevate privileges. A race condition was addressed with improved state handling. (CVE-2021-30995)
    • Sandbox
      • A malicious application may be able to bypass certain Privacy preferences.
        1. A validation issue related to hard link behavior was addressed with improved sandbox restrictions. (CVE-2021-30968)
        2. A logic issue was addressed with improved restrictions. (CVE-2021-30946)
      • An application may be able to access a user’s files. An access issue was addressed with additional sandbox restrictions. (CVE-2021-30947)
    • TCC
      • A local user may be able to modify protected parts of the file system. A logic issue was addressed with improved state management. (CVE-2021-30767)
      • A malicious application may be able to bypass Privacy preferences. An inherited permissions issue was addressed with additional restrictions. (CVE-2021-30964)
    • WebKit
      • Processing maliciously crafted web content may lead to arbitrary code execution.
        1. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934)
        2. A use after free issue was addressed with improved memory management. (CVE-2021-30936, CVE-2021-30951)
        3. An integer overflow was addressed with improved input validation. (CVE-2021-30952)
        4. A race condition was addressed with improved state handling. (CVE-2021-30984)
        5. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30953)
        6. A type confusion issue was addressed with improved memory handling. (CVE-2021-30954)

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a nonprivileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept or execute files from untrusted and unknown sources.
  • Remind users not to visit untrusted websites or follow links provided by untrusted or unknown sources.
  • Evaluate read, write, and execute permissions on all newly installed software.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:
Apple:
https://support.apple.com/en-us/HT212981
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212979
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212975

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30767

Recent Posts

July 17, 2023

Jul 17, 2023 | ,

Title: Thousands of Images on Docker Hub Leak Auth Secrets, Private Keys Date Published: July 16, 2023 https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/ Excerpt: “Researchers at the RWTH Aachen University...

July 14, 2023

Jul 14, 2023 | ,

Title: Indexing Over 15 Million WordPress Websites with PWNPress Date Published: July 14, 2023 https://securityaffairs.com/148465/hacking/pwnpress-platform.html Excerpt: “Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, it collects data...

Increased Truebot Activity Infects U.S. and Canada Based Networks

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory...