CVE-2021-30952 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Affected Products (NVD)

Vendor	Product	Version
apple	safari	𝑥 < 15.2
apple	ipados	𝑥 < 15.2
apple	iphone_os	𝑥 < 15.2
apple	macos	12.0 ≤ 𝑥 < 12.1
apple	tvos	𝑥 < 15.2
apple	watchos	𝑥 < 8.3
debian	debian_linux	10.0
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

webkit2gtk

bookworm	2.44.2-1~deb12u1 fixed
bookworm (security)	2.46.0-2~deb12u1 fixed
bullseye	2.44.2-1~deb11u1 fixed
bullseye (security)	2.44.3-1~deb11u1 fixed
sid	2.46.3-1 fixed
stretch	ignored
trixie	2.46.2-1 fixed

wpewebkit

bookworm	2.38.6-1 fixed
bullseye	2.38.6-1~deb11u1 fixed
bullseye (security)	2.38.6-1~deb11u1 fixed
sid	2.46.3-1 fixed
stretch	ignored
trixie	2.46.3-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

qtwebkit-opensource-src

bionic	ignored
focal	ignored
impish	ignored
jammy	ignored
kinetic	ignored
lunar	ignored
mantic	ignored
noble	ignored
trusty	dne
xenial	ignored

qtwebkit-source

bionic	ignored
focal	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	ignored

webkit2gtk

bionic	ignored
focal	Fixed 2.34.4-0ubuntu0.20.04.1 released
impish	Fixed 2.34.4-0ubuntu0.21.10.1 released
jammy	Fixed 2.35.2-1 released
kinetic	Fixed 2.35.2-1 released
lunar	Fixed 2.35.2-1 released
mantic	Fixed 2.35.2-1 released
noble	Fixed 2.35.2-1 released
trusty	dne
xenial	ignored

webkitgtk

bionic	ignored
focal	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	ignored

wpewebkit

bionic	dne
focal	ignored
impish	ignored
jammy	ignored
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Vulnerability Media Exposure

[ENGLISH] Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It's not effective against the latest version of iOS. The findings were first reported by WIRED. "The
Published: 2026-03-04T18:58:00+05:30

References

http://www.openwall.com/lists/oss-security/2022/01/21/2

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/

https://support.apple.com/en-us/HT212975

https://support.apple.com/en-us/HT212976

https://support.apple.com/en-us/HT212978

https://support.apple.com/en-us/HT212980

https://support.apple.com/en-us/HT212982

https://www.debian.org/security/2022/dsa-5060

https://www.debian.org/security/2022/dsa-5061

http://www.openwall.com/lists/oss-security/2022/01/21/2

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/

https://support.apple.com/en-us/HT212975

https://support.apple.com/en-us/HT212976

https://support.apple.com/en-us/HT212978

https://support.apple.com/en-us/HT212980

https://support.apple.com/en-us/HT212982

https://www.debian.org/security/2022/dsa-5060

https://www.debian.org/security/2022/dsa-5061