Search criteria
3646 vulnerabilities found for iOS by Apple
CERTFR-2026-AVI-0563
Vulnerability from certfr_avis - Published: 2026-05-12 - Updated: 2026-05-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iPadOS | iPadOS versions antérieures à 26.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.7 | ||
| Apple | iPadOS | iPadOS versions antérieures à 15.8.8 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.7 | ||
| Apple | iPadOS | iPadOS versions antérieures à 17.7.11 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.9 | ||
| Apple | tvOS | tvOS versions antérieures à 26.5 | ||
| Apple | visionOS | visionOS versions antérieures à 26.5 | ||
| Apple | iPadOS | iPadOS versions antérieures à 16.7.16 | ||
| Apple | iOS | iOS versions antérieures à 16.7.16 | ||
| Apple | iOS | iOS versions antérieures à 18.7.9 | ||
| Apple | iOS | iOS versions antérieures à 26.5 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.5 | ||
| Apple | watchOS | watchOS versions antérieures à 26.5 | ||
| Apple | iOS | iOS versions antérieures à 15.8.8 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.8",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.11",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.9",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16.7.16",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.7.16",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.9",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": " iOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.8.8",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-43668",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43668"
},
{
"name": "CVE-2026-28944",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28944"
},
{
"name": "CVE-2026-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1837"
},
{
"name": "CVE-2026-28930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28930"
},
{
"name": "CVE-2026-28976",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28976"
},
{
"name": "CVE-2026-43656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43656"
},
{
"name": "CVE-2026-28988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28988"
},
{
"name": "CVE-2026-28951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28951"
},
{
"name": "CVE-2026-28901",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28901"
},
{
"name": "CVE-2026-28915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28915"
},
{
"name": "CVE-2026-28965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28965"
},
{
"name": "CVE-2026-28913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28913"
},
{
"name": "CVE-2026-28987",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28987"
},
{
"name": "CVE-2026-28994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28994"
},
{
"name": "CVE-2026-28919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28919"
},
{
"name": "CVE-2026-28882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28882"
},
{
"name": "CVE-2026-43661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43661"
},
{
"name": "CVE-2026-28959",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28959"
},
{
"name": "CVE-2026-28873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28873"
},
{
"name": "CVE-2026-28947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28947"
},
{
"name": "CVE-2026-43658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43658"
},
{
"name": "CVE-2026-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28840"
},
{
"name": "CVE-2026-28920",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28920"
},
{
"name": "CVE-2026-28878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28878"
},
{
"name": "CVE-2026-39871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39871"
},
{
"name": "CVE-2026-28961",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28961"
},
{
"name": "CVE-2026-28907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28907"
},
{
"name": "CVE-2026-39869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39869"
},
{
"name": "CVE-2025-43524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43524"
},
{
"name": "CVE-2026-28953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28953"
},
{
"name": "CVE-2026-39870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39870"
},
{
"name": "CVE-2026-28963",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28963"
},
{
"name": "CVE-2026-28936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28936"
},
{
"name": "CVE-2026-28955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28955"
},
{
"name": "CVE-2026-28977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28977"
},
{
"name": "CVE-2026-28940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28940"
},
{
"name": "CVE-2026-28903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28903"
},
{
"name": "CVE-2026-28969",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28969"
},
{
"name": "CVE-2026-28848",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28848"
},
{
"name": "CVE-2026-28957",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28957"
},
{
"name": "CVE-2026-28819",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28819"
},
{
"name": "CVE-2026-28872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28872"
},
{
"name": "CVE-2026-28846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28846"
},
{
"name": "CVE-2026-28902",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28902"
},
{
"name": "CVE-2026-28917",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28917"
},
{
"name": "CVE-2026-28964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28964"
},
{
"name": "CVE-2026-28894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28894"
},
{
"name": "CVE-2026-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28950"
},
{
"name": "CVE-2026-28986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28986"
},
{
"name": "CVE-2026-28925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28925"
},
{
"name": "CVE-2026-28943",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28943"
},
{
"name": "CVE-2026-28993",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28993"
},
{
"name": "CVE-2026-28924",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28924"
},
{
"name": "CVE-2026-28990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28990"
},
{
"name": "CVE-2026-28918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28918"
},
{
"name": "CVE-2026-28996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28996"
},
{
"name": "CVE-2026-28905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28905"
},
{
"name": "CVE-2026-28906",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28906"
},
{
"name": "CVE-2026-43655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43655"
},
{
"name": "CVE-2026-28972",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28972"
},
{
"name": "CVE-2026-28941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28941"
},
{
"name": "CVE-2026-28954",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28954"
},
{
"name": "CVE-2026-28877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28877"
},
{
"name": "CVE-2026-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28956"
},
{
"name": "CVE-2026-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28974"
},
{
"name": "CVE-2026-43652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43652"
},
{
"name": "CVE-2026-28908",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28908"
},
{
"name": "CVE-2026-43654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43654"
},
{
"name": "CVE-2026-28929",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28929"
},
{
"name": "CVE-2026-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28971"
},
{
"name": "CVE-2026-28985",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28985"
},
{
"name": "CVE-2026-28958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28958"
},
{
"name": "CVE-2026-28995",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28995"
},
{
"name": "CVE-2026-28922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28922"
},
{
"name": "CVE-2026-43653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43653"
},
{
"name": "CVE-2026-28914",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28914"
},
{
"name": "CVE-2026-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28942"
},
{
"name": "CVE-2026-28946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28946"
},
{
"name": "CVE-2026-28991",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28991"
},
{
"name": "CVE-2026-28952",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28952"
},
{
"name": "CVE-2026-28962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28962"
},
{
"name": "CVE-2026-28983",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28983"
},
{
"name": "CVE-2026-43660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43660"
},
{
"name": "CVE-2026-28904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28904"
},
{
"name": "CVE-2026-28978",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28978"
},
{
"name": "CVE-2026-28992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28992"
},
{
"name": "CVE-2026-43659",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43659"
},
{
"name": "CVE-2026-28923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28923"
},
{
"name": "CVE-2026-28870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28870"
},
{
"name": "CVE-2026-43666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43666"
},
{
"name": "CVE-2026-28897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28897"
},
{
"name": "CVE-2026-28883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28883"
},
{
"name": "CVE-2026-28847",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28847"
}
],
"initial_release_date": "2026-05-12T00:00:00",
"last_revision_date": "2026-05-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127114",
"url": "https://support.apple.com/en-us/127114"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127117",
"url": "https://support.apple.com/en-us/127117"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127115",
"url": "https://support.apple.com/en-us/127115"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127118",
"url": "https://support.apple.com/en-us/127118"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127110",
"url": "https://support.apple.com/en-us/127110"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127111",
"url": "https://support.apple.com/en-us/127111"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127113",
"url": "https://support.apple.com/en-us/127113"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127116",
"url": "https://support.apple.com/en-us/127116"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127119",
"url": "https://support.apple.com/en-us/127119"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127120",
"url": "https://support.apple.com/en-us/127120"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127112",
"url": "https://support.apple.com/en-us/127112"
}
]
}
CERTFR-2026-AVI-0481
Vulnerability from certfr_avis - Published: 2026-04-23 - Updated: 2026-04-23
Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.8",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.4.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.4.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.8",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28950"
}
],
"initial_release_date": "2026-04-23T00:00:00",
"last_revision_date": "2026-04-23T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0481",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Apple. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-04-22",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127003",
"url": "https://support.apple.com/en-us/127003"
},
{
"published_at": "2026-04-22",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127002",
"url": "https://support.apple.com/en-us/127002"
}
]
}
CERTFR-2026-AVI-0355
Vulnerability from certfr_avis - Published: 2026-03-25 - Updated: 2026-03-25
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 26.4 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.4 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.7 | ||
| Apple | Xcode | Xcode versions antérieures à 26.4 | ||
| Apple | visionOS | visionOS versions antérieures à 26.4 | ||
| Apple | watchOS | watchOS versions antérieures à 26.4 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.4 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.5 | ||
| Apple | Safari | Safari versions antérieures à 26.4 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.5 | ||
| Apple | tvOS | tvOS versions antérieures à 26.4 | ||
| Apple | iOS | iOS versions antérieures à 18.7.7 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.7",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "Xcode",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.7",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20684",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20684"
},
{
"name": "CVE-2026-28875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28875"
},
{
"name": "CVE-2026-28862",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28862"
},
{
"name": "CVE-2026-20698",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20698"
},
{
"name": "CVE-2025-59775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59775"
},
{
"name": "CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"name": "CVE-2026-20692",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20692"
},
{
"name": "CVE-2025-43376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43376"
},
{
"name": "CVE-2026-28879",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28879"
},
{
"name": "CVE-2026-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28834"
},
{
"name": "CVE-2026-28882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28882"
},
{
"name": "CVE-2026-20631",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20631"
},
{
"name": "CVE-2025-55753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55753"
},
{
"name": "CVE-2026-28874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28874"
},
{
"name": "CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"name": "CVE-2026-28822",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28822"
},
{
"name": "CVE-2026-28827",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28827"
},
{
"name": "CVE-2026-28892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28892"
},
{
"name": "CVE-2026-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28895"
},
{
"name": "CVE-2026-28837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28837"
},
{
"name": "CVE-2026-28878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28878"
},
{
"name": "CVE-2026-28823",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28823"
},
{
"name": "CVE-2026-28845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28845"
},
{
"name": "CVE-2026-28826",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28826"
},
{
"name": "CVE-2026-28886",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28886"
},
{
"name": "CVE-2026-28880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28880"
},
{
"name": "CVE-2025-66200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66200"
},
{
"name": "CVE-2026-20687",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20687"
},
{
"name": "CVE-2026-28866",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28866"
},
{
"name": "CVE-2026-20697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20697"
},
{
"name": "CVE-2026-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28863"
},
{
"name": "CVE-2026-28817",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28817"
},
{
"name": "CVE-2026-20637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20637"
},
{
"name": "CVE-2026-20607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20607"
},
{
"name": "CVE-2026-28889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28889"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2026-28824",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28824"
},
{
"name": "CVE-2026-28844",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28844"
},
{
"name": "CVE-2026-20632",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20632"
},
{
"name": "CVE-2026-20668",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20668"
},
{
"name": "CVE-2026-28888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28888"
},
{
"name": "CVE-2026-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28852"
},
{
"name": "CVE-2026-28829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28829"
},
{
"name": "CVE-2025-65082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65082"
},
{
"name": "CVE-2026-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28861"
},
{
"name": "CVE-2026-28894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28894"
},
{
"name": "CVE-2026-28828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28828"
},
{
"name": "CVE-2025-58098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58098"
},
{
"name": "CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"name": "CVE-2026-20688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20688"
},
{
"name": "CVE-2026-20699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20699"
},
{
"name": "CVE-2026-28831",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28831"
},
{
"name": "CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"name": "CVE-2026-20694",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20694"
},
{
"name": "CVE-2026-20633",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20633"
},
{
"name": "CVE-2026-20657",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20657"
},
{
"name": "CVE-2026-28890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28890"
},
{
"name": "CVE-2026-20651",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20651"
},
{
"name": "CVE-2026-20701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20701"
},
{
"name": "CVE-2026-28816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28816"
},
{
"name": "CVE-2026-28877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28877"
},
{
"name": "CVE-2025-14524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
},
{
"name": "CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"name": "CVE-2026-28820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28820"
},
{
"name": "CVE-2026-28838",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28838"
},
{
"name": "CVE-2026-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28842"
},
{
"name": "CVE-2025-43534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43534"
},
{
"name": "CVE-2026-28825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28825"
},
{
"name": "CVE-2026-28865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28865"
},
{
"name": "CVE-2026-20660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20660"
},
{
"name": "CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"name": "CVE-2026-20639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20639"
},
{
"name": "CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"name": "CVE-2026-28818",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28818"
},
{
"name": "CVE-2026-20690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20690"
},
{
"name": "CVE-2026-20693",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20693"
},
{
"name": "CVE-2026-28833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28833"
},
{
"name": "CVE-2026-28876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28876"
},
{
"name": "CVE-2026-20695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20695"
},
{
"name": "CVE-2026-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28856"
},
{
"name": "CVE-2026-28891",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28891"
},
{
"name": "CVE-2026-28868",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28868"
},
{
"name": "CVE-2026-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28841"
},
{
"name": "CVE-2026-28821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28821"
},
{
"name": "CVE-2026-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28835"
},
{
"name": "CVE-2026-28839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28839"
},
{
"name": "CVE-2026-28867",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28867"
},
{
"name": "CVE-2026-28864",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28864"
},
{
"name": "CVE-2026-28832",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28832"
},
{
"name": "CVE-2026-28858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28858"
},
{
"name": "CVE-2026-28870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28870"
},
{
"name": "CVE-2026-28893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28893"
},
{
"name": "CVE-2026-28881",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28881"
}
],
"initial_release_date": "2026-03-25T00:00:00",
"last_revision_date": "2026-03-25T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0355",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126793",
"url": "https://support.apple.com/en-us/126793"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126794",
"url": "https://support.apple.com/en-us/126794"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126798",
"url": "https://support.apple.com/en-us/126798"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126800",
"url": "https://support.apple.com/en-us/126800"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126796",
"url": "https://support.apple.com/en-us/126796"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126792",
"url": "https://support.apple.com/en-us/126792"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126795",
"url": "https://support.apple.com/en-us/126795"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126799",
"url": "https://support.apple.com/en-us/126799"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126797",
"url": "https://support.apple.com/en-us/126797"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126801",
"url": "https://support.apple.com/en-us/126801"
}
]
}
CERTFR-2026-AVI-0313
Vulnerability from certfr_avis - Published: 2026-03-18 - Updated: 2026-03-18
Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.3.1 (a)",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS versions ant\u00e9rieures \u00e0 26.3.1 (a)",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS versions ant\u00e9rieures \u00e0 26.3.2 (a)",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.3.1 (a)",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
}
],
"initial_release_date": "2026-03-18T00:00:00",
"last_revision_date": "2026-03-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0313",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Apple. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126604",
"url": "https://support.apple.com/en-us/126604"
}
]
}
CERTFR-2026-AVI-0280
Vulnerability from certfr_avis - Published: 2026-03-12 - Updated: 2026-03-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.7",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.8.7",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.7.15",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16.7.15",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"name": "CVE-2023-43010",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43010"
},
{
"name": "CVE-2023-41974",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41974"
},
{
"name": "CVE-2023-43000",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43000"
}
],
"initial_release_date": "2026-03-12T00:00:00",
"last_revision_date": "2026-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0280",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126646",
"url": "https://support.apple.com/en-us/126646"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126632",
"url": "https://support.apple.com/en-us/126632"
}
]
}
CERTFR-2026-AVI-0158
Vulnerability from certfr_avis - Published: 2026-02-12 - Updated: 2026-02-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2026-20700 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.4 | ||
| Apple | Safari | Safari versions antérieures à 26.3 | ||
| Apple | iOS | iOS versions antérieures à 18.7.5 | ||
| Apple | N/A | watchOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.4 | ||
| Apple | N/A | tvOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.3 | ||
| Apple | N/A | visionOS versions antérieures à 26.3 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20624",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20624"
},
{
"name": "CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"name": "CVE-2026-20619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20619"
},
{
"name": "CVE-2026-20606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20606"
},
{
"name": "CVE-2026-20611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20611"
},
{
"name": "CVE-2026-20617",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20617"
},
{
"name": "CVE-2025-43417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43417"
},
{
"name": "CVE-2025-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46310"
},
{
"name": "CVE-2026-20625",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20625"
},
{
"name": "CVE-2026-20650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20650"
},
{
"name": "CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"name": "CVE-2026-20626",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20626"
},
{
"name": "CVE-2026-20666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20666"
},
{
"name": "CVE-2026-20662",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20662"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2026-20658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20658"
},
{
"name": "CVE-2026-20612",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20612"
},
{
"name": "CVE-2026-20655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20655"
},
{
"name": "CVE-2026-20638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20638"
},
{
"name": "CVE-2026-20682",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20682"
},
{
"name": "CVE-2026-20605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20605"
},
{
"name": "CVE-2026-20674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20674"
},
{
"name": "CVE-2026-20642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20642"
},
{
"name": "CVE-2026-20647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20647"
},
{
"name": "CVE-2026-20628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20628"
},
{
"name": "CVE-2026-20646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20646"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"name": "CVE-2026-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20623"
},
{
"name": "CVE-2026-20615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20615"
},
{
"name": "CVE-2026-20630",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20630"
},
{
"name": "CVE-2026-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20677"
},
{
"name": "CVE-2026-20680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20680"
},
{
"name": "CVE-2026-20661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20661"
},
{
"name": "CVE-2026-20654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20654"
},
{
"name": "CVE-2026-20673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20673"
},
{
"name": "CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"name": "CVE-2025-46305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46305"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"name": "CVE-2025-46303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46303"
},
{
"name": "CVE-2025-46301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46301"
},
{
"name": "CVE-2026-20616",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20616"
},
{
"name": "CVE-2026-20653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20653"
},
{
"name": "CVE-2026-20602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20602"
},
{
"name": "CVE-2025-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46300"
},
{
"name": "CVE-2026-20656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20656"
},
{
"name": "CVE-2026-20609",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20609"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2026-20627",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20627"
},
{
"name": "CVE-2026-20663",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20663"
},
{
"name": "CVE-2026-20621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20621"
},
{
"name": "CVE-2026-20681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20681"
},
{
"name": "CVE-2026-20678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20678"
},
{
"name": "CVE-2026-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20667"
},
{
"name": "CVE-2025-43403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43403"
},
{
"name": "CVE-2026-20603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20603"
},
{
"name": "CVE-2025-46304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46304"
},
{
"name": "CVE-2025-43537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43537"
},
{
"name": "CVE-2026-20620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20620"
},
{
"name": "CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-46290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46290"
},
{
"name": "CVE-2026-20641",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20641"
},
{
"name": "CVE-2026-20649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20649"
},
{
"name": "CVE-2025-46302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46302"
},
{
"name": "CVE-2026-20660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20660"
},
{
"name": "CVE-2026-20648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20648"
},
{
"name": "CVE-2026-20671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20671"
},
{
"name": "CVE-2026-20610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20610"
},
{
"name": "CVE-2026-20618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20618"
},
{
"name": "CVE-2026-20700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20700"
},
{
"name": "CVE-2026-20640",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20640"
},
{
"name": "CVE-2026-20601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20601"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2026-20629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20629"
},
{
"name": "CVE-2026-20634",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20634"
},
{
"name": "CVE-2026-20669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20669"
},
{
"name": "CVE-2026-20645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20645"
},
{
"name": "CVE-2026-20675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20675"
},
{
"name": "CVE-2026-20614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20614"
}
],
"initial_release_date": "2026-02-12T00:00:00",
"last_revision_date": "2026-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0158",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2026-20700 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126346",
"url": "https://support.apple.com/en-us/126346"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126353",
"url": "https://support.apple.com/en-us/126353"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126347",
"url": "https://support.apple.com/en-us/126347"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126352",
"url": "https://support.apple.com/en-us/126352"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126348",
"url": "https://support.apple.com/en-us/126348"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126349",
"url": "https://support.apple.com/en-us/126349"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126351",
"url": "https://support.apple.com/en-us/126351"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126350",
"url": "https://support.apple.com/en-us/126350"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126354",
"url": "https://support.apple.com/en-us/126354"
}
]
}
CERTFR-2025-AVI-1110
Vulnerability from certfr_avis - Published: 2025-12-15 - Updated: 2025-12-15
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que les vulnérabilités CVE-2025-14174 et CVE-2025-43529 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.3 | ||
| Apple | watchOS | watchOS versions antérieures à 26.2 | ||
| Apple | iOS | iOS versions 26.x antérieures à 26.2 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.2 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.3 | ||
| Apple | tvOS | tvOS versions antérieures à 26.2 | ||
| Apple | Safari | Safari versions antérieures à 26.2 | ||
| Apple | iOS | iOS versions 18.7.x antérieures à 18.7.3 | ||
| Apple | iPadOS | iPadOS versions 18.7.x antérieures à 18.7.3 | ||
| Apple | visionOS | visionOS versions antérieures à 26.2 | ||
| Apple | iPadOS | iPadOS versions 26.x antérieures à 26.2 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 26.x ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 18.7.x ant\u00e9rieures \u00e0 18.7.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.7.x ant\u00e9rieures \u00e0 18.7.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 26.x ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43517"
},
{
"name": "CVE-2025-46291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46291"
},
{
"name": "CVE-2025-46282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46282"
},
{
"name": "CVE-2025-46292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46292"
},
{
"name": "CVE-2025-43539",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43539"
},
{
"name": "CVE-2025-43320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43320"
},
{
"name": "CVE-2025-43536",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43536"
},
{
"name": "CVE-2025-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43514"
},
{
"name": "CVE-2025-46289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46289"
},
{
"name": "CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"name": "CVE-2025-46278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46278"
},
{
"name": "CVE-2025-43523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43523"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43513"
},
{
"name": "CVE-2025-43522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43522"
},
{
"name": "CVE-2025-46279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46279"
},
{
"name": "CVE-2025-43416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43416"
},
{
"name": "CVE-2025-43410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43410"
},
{
"name": "CVE-2025-43475",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43475"
},
{
"name": "CVE-2025-43542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43542"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2025-43519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43519"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2025-43526",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43526"
},
{
"name": "CVE-2025-46277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46277"
},
{
"name": "CVE-2025-43518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43518"
},
{
"name": "CVE-2025-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43527"
},
{
"name": "CVE-2025-46285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46285"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-43482",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43482"
},
{
"name": "CVE-2025-43532",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43532"
},
{
"name": "CVE-2025-43538",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43538"
},
{
"name": "CVE-2025-46288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46288"
},
{
"name": "CVE-2025-43541",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43541"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-43516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43516"
},
{
"name": "CVE-2025-46281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46281"
},
{
"name": "CVE-2025-43530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43530"
},
{
"name": "CVE-2025-43501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43501"
},
{
"name": "CVE-2025-46276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46276"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2025-43428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43428"
},
{
"name": "CVE-2025-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43512"
},
{
"name": "CVE-2025-43535",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43535"
},
{
"name": "CVE-2025-43521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43521"
},
{
"name": "CVE-2025-43531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43531"
},
{
"name": "CVE-2025-46287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46287"
},
{
"name": "CVE-2025-43509",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43509"
},
{
"name": "CVE-2025-43463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43463"
}
],
"initial_release_date": "2025-12-15T00:00:00",
"last_revision_date": "2025-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1110",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que les vuln\u00e9rabilit\u00e9s CVE-2025-14174 et CVE-2025-43529 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125887",
"url": "https://support.apple.com/en-us/125887"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125891",
"url": "https://support.apple.com/en-us/125891"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125884",
"url": "https://support.apple.com/en-us/125884"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125886",
"url": "https://support.apple.com/en-us/125886"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125885",
"url": "https://support.apple.com/en-us/125885"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125889",
"url": "https://support.apple.com/en-us/125889"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125890",
"url": "https://support.apple.com/en-us/125890"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125892",
"url": "https://support.apple.com/en-us/125892"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125888",
"url": "https://support.apple.com/en-us/125888"
}
]
}
CERTFR-2025-AVI-0974
Vulnerability from certfr_avis - Published: 2025-11-06 - Updated: 2025-11-06
De multiples vulnérabilités ont été découvertes dans Apple iOS et iPadOS. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43441"
},
{
"name": "CVE-2025-43443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43443"
},
{
"name": "CVE-2025-43448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43448"
},
{
"name": "CVE-2025-43431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43431"
},
{
"name": "CVE-2025-43496",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43496"
},
{
"name": "CVE-2025-43450",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43450"
},
{
"name": "CVE-2025-43384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43384"
},
{
"name": "CVE-2025-43434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43434"
},
{
"name": "CVE-2025-43503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43503"
},
{
"name": "CVE-2025-43458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43458"
},
{
"name": "CVE-2025-43423",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43423"
},
{
"name": "CVE-2025-43392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43392"
},
{
"name": "CVE-2025-43386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43386"
},
{
"name": "CVE-2025-43493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43493"
},
{
"name": "CVE-2025-43418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43418"
},
{
"name": "CVE-2025-43435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43435"
},
{
"name": "CVE-2025-43442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43442"
},
{
"name": "CVE-2025-43377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43377"
},
{
"name": "CVE-2025-43438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43438"
},
{
"name": "CVE-2025-43429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43429"
},
{
"name": "CVE-2025-43385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43385"
},
{
"name": "CVE-2025-43444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43444"
},
{
"name": "CVE-2025-43365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43365"
},
{
"name": "CVE-2025-43495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43495"
},
{
"name": "CVE-2025-43499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43499"
},
{
"name": "CVE-2025-43445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43445"
},
{
"name": "CVE-2025-43399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43399"
},
{
"name": "CVE-2025-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43383"
},
{
"name": "CVE-2025-43507",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43507"
},
{
"name": "CVE-2025-43433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43433"
},
{
"name": "CVE-2025-43454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43454"
},
{
"name": "CVE-2025-43439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43439"
},
{
"name": "CVE-2025-43389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43389"
},
{
"name": "CVE-2025-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43398"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0974",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple iOS et iPadOS. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS et iPadOS",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125633",
"url": "https://support.apple.com/en-us/125633"
}
]
}
CERTFR-2025-AVI-0961
Vulnerability from certfr_avis - Published: 2025-11-04 - Updated: 2025-11-04
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Tahoe versions antérieures à 26.1 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.1 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.2 | ||
| Apple | Safari | Safari versions antérieures à 26.1 | ||
| Apple | Xcode | Xcode versions antérieures à 26.1 | ||
| Apple | watchOS | watchOS versions antérieures à 26.1 | ||
| Apple | iOS | iOS versions antérieures à 26.1 | ||
| Apple | tvOS | tvOS versions antérieures à 26.1 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.2 | ||
| Apple | visionOS | visionOS versions antérieures à 26.1 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "Xcode",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43292"
},
{
"name": "CVE-2025-43505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43505"
},
{
"name": "CVE-2025-43432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43432"
},
{
"name": "CVE-2025-43372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43372"
},
{
"name": "CVE-2025-43426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43426"
},
{
"name": "CVE-2025-43480",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43480"
},
{
"name": "CVE-2025-43449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43449"
},
{
"name": "CVE-2025-43348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43348"
},
{
"name": "CVE-2025-43351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43351"
},
{
"name": "CVE-2025-43373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43373"
},
{
"name": "CVE-2025-43441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43441"
},
{
"name": "CVE-2025-43443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43443"
},
{
"name": "CVE-2025-43476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43476"
},
{
"name": "CVE-2025-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30465"
},
{
"name": "CVE-2025-43448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43448"
},
{
"name": "CVE-2025-43497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43497"
},
{
"name": "CVE-2025-43446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43446"
},
{
"name": "CVE-2025-43500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43500"
},
{
"name": "CVE-2025-43431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43431"
},
{
"name": "CVE-2025-43452",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43452"
},
{
"name": "CVE-2025-43504",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43504"
},
{
"name": "CVE-2025-43467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43467"
},
{
"name": "CVE-2025-43496",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43496"
},
{
"name": "CVE-2025-43420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43420"
},
{
"name": "CVE-2025-43450",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43450"
},
{
"name": "CVE-2025-43406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43406"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2025-43384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43384"
},
{
"name": "CVE-2025-43434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43434"
},
{
"name": "CVE-2025-43422",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43422"
},
{
"name": "CVE-2025-43503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43503"
},
{
"name": "CVE-2025-43502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43502"
},
{
"name": "CVE-2025-43440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43440"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2025-43427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43427"
},
{
"name": "CVE-2025-43394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43394"
},
{
"name": "CVE-2025-43335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43335"
},
{
"name": "CVE-2025-43458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43458"
},
{
"name": "CVE-2025-43411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43411"
},
{
"name": "CVE-2025-43469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43469"
},
{
"name": "CVE-2025-43498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43498"
},
{
"name": "CVE-2025-43424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43424"
},
{
"name": "CVE-2025-43423",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43423"
},
{
"name": "CVE-2025-43472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43472"
},
{
"name": "CVE-2025-43459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43459"
},
{
"name": "CVE-2025-43392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43392"
},
{
"name": "CVE-2025-43462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43462"
},
{
"name": "CVE-2025-43401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43401"
},
{
"name": "CVE-2025-43386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43386"
},
{
"name": "CVE-2025-43493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43493"
},
{
"name": "CVE-2025-43481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43481"
},
{
"name": "CVE-2025-43405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43405"
},
{
"name": "CVE-2025-43506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43506"
},
{
"name": "CVE-2025-43322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43322"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-43400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43400"
},
{
"name": "CVE-2025-43468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43468"
},
{
"name": "CVE-2025-43395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43395"
},
{
"name": "CVE-2025-43421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43421"
},
{
"name": "CVE-2025-43435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43435"
},
{
"name": "CVE-2025-43464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43464"
},
{
"name": "CVE-2025-43442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43442"
},
{
"name": "CVE-2025-43377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43377"
},
{
"name": "CVE-2025-43438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43438"
},
{
"name": "CVE-2025-43460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43460"
},
{
"name": "CVE-2025-43429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43429"
},
{
"name": "CVE-2025-43407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43407"
},
{
"name": "CVE-2025-43334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43334"
},
{
"name": "CVE-2025-43414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43414"
},
{
"name": "CVE-2025-43385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43385"
},
{
"name": "CVE-2025-43444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43444"
},
{
"name": "CVE-2025-43404",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43404"
},
{
"name": "CVE-2025-43495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43495"
},
{
"name": "CVE-2025-43465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43465"
},
{
"name": "CVE-2025-43461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43461"
},
{
"name": "CVE-2025-43294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43294"
},
{
"name": "CVE-2025-43390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43390"
},
{
"name": "CVE-2025-43499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43499"
},
{
"name": "CVE-2025-43350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43350"
},
{
"name": "CVE-2025-43391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43391"
},
{
"name": "CVE-2025-43378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43378"
},
{
"name": "CVE-2025-43473",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43473"
},
{
"name": "CVE-2025-43445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43445"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2025-43409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43409"
},
{
"name": "CVE-2025-43399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43399"
},
{
"name": "CVE-2025-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43383"
},
{
"name": "CVE-2025-43474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43474"
},
{
"name": "CVE-2025-43471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43471"
},
{
"name": "CVE-2025-43387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43387"
},
{
"name": "CVE-2025-43479",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43479"
},
{
"name": "CVE-2025-43447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43447"
},
{
"name": "CVE-2025-43477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43477"
},
{
"name": "CVE-2025-43413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43413"
},
{
"name": "CVE-2025-43507",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43507"
},
{
"name": "CVE-2025-43336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43336"
},
{
"name": "CVE-2025-43433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43433"
},
{
"name": "CVE-2025-43430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43430"
},
{
"name": "CVE-2025-43337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43337"
},
{
"name": "CVE-2025-43380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43380"
},
{
"name": "CVE-2025-43397",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43397"
},
{
"name": "CVE-2025-43455",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43455"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-43412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43412"
},
{
"name": "CVE-2025-43388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43388"
},
{
"name": "CVE-2025-43396",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43396"
},
{
"name": "CVE-2025-43454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43454"
},
{
"name": "CVE-2025-43439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43439"
},
{
"name": "CVE-2025-43381",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43381"
},
{
"name": "CVE-2025-43382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43382"
},
{
"name": "CVE-2025-43466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43466"
},
{
"name": "CVE-2025-43364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43364"
},
{
"name": "CVE-2025-43393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43393"
},
{
"name": "CVE-2025-43389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43389"
},
{
"name": "CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"name": "CVE-2025-43361",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43361"
},
{
"name": "CVE-2025-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43398"
},
{
"name": "CVE-2025-31199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31199"
},
{
"name": "CVE-2025-43408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43408"
},
{
"name": "CVE-2025-43379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43379"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2025-43425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43425"
},
{
"name": "CVE-2025-43478",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43478"
},
{
"name": "CVE-2025-43436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43436"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2025-43463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43463"
}
],
"initial_release_date": "2025-11-04T00:00:00",
"last_revision_date": "2025-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0961",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125639",
"url": "https://support.apple.com/en-us/125639"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125640",
"url": "https://support.apple.com/en-us/125640"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125634",
"url": "https://support.apple.com/en-us/125634"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125632",
"url": "https://support.apple.com/en-us/125632"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125638",
"url": "https://support.apple.com/en-us/125638"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125635",
"url": "https://support.apple.com/en-us/125635"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125641",
"url": "https://support.apple.com/en-us/125641"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125636",
"url": "https://support.apple.com/en-us/125636"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125637",
"url": "https://support.apple.com/en-us/125637"
}
]
}
CERTFR-2025-AVI-0831
Vulnerability from certfr_avis - Published: 2025-09-30 - Updated: 2025-09-30
Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iPadOS | iPadOS versions antérieures à 26.0.1 | ||
| Apple | iOS | iOS versions antérieures à 18.7.1 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.0.1 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.1 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.1 | ||
| Apple | iOS | iOS versions antérieures à 26.0.1 | ||
| Apple | visionOS | visionOS versions antérieures à 26.0.1 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.1 |
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.0.1",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.0.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.1",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.0.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.0.1",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43400"
}
],
"initial_release_date": "2025-09-30T00:00:00",
"last_revision_date": "2025-09-30T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0831",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Apple. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-09-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125327",
"url": "https://support.apple.com/en-us/125327"
},
{
"published_at": "2025-09-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125330",
"url": "https://support.apple.com/en-us/125330"
},
{
"published_at": "2025-09-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125329",
"url": "https://support.apple.com/en-us/125329"
},
{
"published_at": "2025-09-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125338",
"url": "https://support.apple.com/en-us/125338"
},
{
"published_at": "2025-09-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125328",
"url": "https://support.apple.com/en-us/125328"
},
{
"published_at": "2025-09-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125326",
"url": "https://support.apple.com/en-us/125326"
}
]
}
CERTFR-2025-AVI-0791
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Apple indique que la vulnérabilité CVE-2025-43300 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions 15.x antérieures à 15.8.5 | ||
| Apple | iOS | iOS versions 16.x antérieures à 16.7.12 | ||
| Apple | iOS | iOS versions 18.x antérieures à 18.7 | ||
| Apple | iOS | iOS versions antérieures à 26 | ||
| Apple | iPadOS | iPadOS versions 15.x antérieures à 15.8.5 | ||
| Apple | iPadOS | iPadOS versions 16.x antérieures à 16.7.12 | ||
| Apple | iPadOS | iPadOS versions 18.x antérieures à 18.7 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26 | ||
| Apple | Safari | Safari versions antérieures à 26 | ||
| Apple | tvOS | tvOS versions antérieures à 26 | ||
| Apple | visionOS | visionOS versions antérieures à 26 | ||
| Apple | watchOS | watchOS versions antérieures à 26 | ||
| Apple | Xcode | Xcode versions antérieures à 26 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.8.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.7.12",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 18.x ant\u00e9rieures \u00e0 18.7",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 15.x ant\u00e9rieures \u00e0 15.8.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.7.12",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.x ant\u00e9rieures \u00e0 18.7",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "Xcode",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43292"
},
{
"name": "CVE-2025-43372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43372"
},
{
"name": "CVE-2025-43332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43332"
},
{
"name": "CVE-2025-31270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31270"
},
{
"name": "CVE-2025-43362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43362"
},
{
"name": "CVE-2025-43319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43319"
},
{
"name": "CVE-2025-43340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43340"
},
{
"name": "CVE-2025-43327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43327"
},
{
"name": "CVE-2025-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30468"
},
{
"name": "CVE-2025-43359",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43359"
},
{
"name": "CVE-2025-43262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43262"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2025-31269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31269"
},
{
"name": "CVE-2025-43354",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43354"
},
{
"name": "CVE-2025-43326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43326"
},
{
"name": "CVE-2025-43204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43204"
},
{
"name": "CVE-2025-43273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43273"
},
{
"name": "CVE-2025-43347",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43347"
},
{
"name": "CVE-2025-43302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43302"
},
{
"name": "CVE-2025-43321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43321"
},
{
"name": "CVE-2025-31254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31254"
},
{
"name": "CVE-2025-43299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43299"
},
{
"name": "CVE-2025-43316",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43316"
},
{
"name": "CVE-2025-43263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43263"
},
{
"name": "CVE-2025-31255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31255"
},
{
"name": "CVE-2025-43375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43375"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-43355",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43355"
},
{
"name": "CVE-2025-43207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43207"
},
{
"name": "CVE-2025-43285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43285"
},
{
"name": "CVE-2025-43370",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43370"
},
{
"name": "CVE-2025-43312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43312"
},
{
"name": "CVE-2025-43317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43317"
},
{
"name": "CVE-2025-31271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31271"
},
{
"name": "CVE-2025-43208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43208"
},
{
"name": "CVE-2025-43283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43283"
},
{
"name": "CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"name": "CVE-2025-43277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43277"
},
{
"name": "CVE-2025-43325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43325"
},
{
"name": "CVE-2025-43231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43231"
},
{
"name": "CVE-2025-24197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24197"
},
{
"name": "CVE-2025-43358",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43358"
},
{
"name": "CVE-2025-43328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43328"
},
{
"name": "CVE-2025-43368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43368"
},
{
"name": "CVE-2025-43315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43315"
},
{
"name": "CVE-2025-43331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43331"
},
{
"name": "CVE-2025-43310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43310"
},
{
"name": "CVE-2025-43333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43333"
},
{
"name": "CVE-2025-43203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43203"
},
{
"name": "CVE-2025-43307",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43307"
},
{
"name": "CVE-2025-43297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43297"
},
{
"name": "CVE-2025-43190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43190"
},
{
"name": "CVE-2025-24088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24088"
},
{
"name": "CVE-2025-43293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43293"
},
{
"name": "CVE-2025-43343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43343"
},
{
"name": "CVE-2025-43294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43294"
},
{
"name": "CVE-2025-43286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43286"
},
{
"name": "CVE-2025-43353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43353"
},
{
"name": "CVE-2025-43356",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43356"
},
{
"name": "CVE-2025-43330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43330"
},
{
"name": "CVE-2025-43272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43272"
},
{
"name": "CVE-2025-31259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31259"
},
{
"name": "CVE-2025-31268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31268"
},
{
"name": "CVE-2025-43366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43366"
},
{
"name": "CVE-2025-43298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43298"
},
{
"name": "CVE-2025-43369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43369"
},
{
"name": "CVE-2025-43308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43308"
},
{
"name": "CVE-2025-43346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43346"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-43337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43337"
},
{
"name": "CVE-2025-24133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24133"
},
{
"name": "CVE-2025-43279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43279"
},
{
"name": "CVE-2025-43314",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43314"
},
{
"name": "CVE-2025-43300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43300"
},
{
"name": "CVE-2025-43342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43342"
},
{
"name": "CVE-2025-43349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43349"
},
{
"name": "CVE-2025-43341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43341"
},
{
"name": "CVE-2025-43301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43301"
},
{
"name": "CVE-2025-43318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43318"
},
{
"name": "CVE-2025-43344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43344"
},
{
"name": "CVE-2025-43311",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43311"
},
{
"name": "CVE-2025-43287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43287"
},
{
"name": "CVE-2025-43303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43303"
},
{
"name": "CVE-2025-43304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43304"
},
{
"name": "CVE-2025-43291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43291"
},
{
"name": "CVE-2025-43329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43329"
},
{
"name": "CVE-2025-43357",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43357"
},
{
"name": "CVE-2025-43367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43367"
},
{
"name": "CVE-2025-43371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43371"
},
{
"name": "CVE-2025-43295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43295"
},
{
"name": "CVE-2025-43305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43305"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0791",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-43300 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125112",
"url": "https://support.apple.com/en-us/125112"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125116",
"url": "https://support.apple.com/en-us/125116"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125110",
"url": "https://support.apple.com/en-us/125110"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125115",
"url": "https://support.apple.com/en-us/125115"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125141",
"url": "https://support.apple.com/en-us/125141"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125117",
"url": "https://support.apple.com/en-us/125117"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125114",
"url": "https://support.apple.com/en-us/125114"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125108",
"url": "https://support.apple.com/en-us/125108"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125111",
"url": "https://support.apple.com/en-us/125111"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125109",
"url": "https://support.apple.com/en-us/125109"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125142",
"url": "https://support.apple.com/en-us/125142"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125113",
"url": "https://support.apple.com/en-us/125113"
}
]
}
CERTFR-2025-AVI-0716
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Apple indique que la vulnérabilité CVE-2025-43300 est activement exploitée dans le cadre d'attaques ciblées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.8 | ||
| Apple | iPadOS | iPadOS versions antérieures à 17.7.10 | ||
| Apple | iOS | iOS versions antérieures à 18.6.2 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.6.2 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.8 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.6.1 |
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.8",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.10",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.6.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.6.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.8",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.6.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43300"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0716",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Apple. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-43300 est activement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124925",
"url": "https://support.apple.com/en-us/124925"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124928",
"url": "https://support.apple.com/en-us/124928"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124926",
"url": "https://support.apple.com/en-us/124926"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124929",
"url": "https://support.apple.com/en-us/124929"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124927",
"url": "https://support.apple.com/en-us/124927"
}
]
}
CERTFR-2025-AVI-0640
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Google indique que la vulnérabilité CVE-2025-6558 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | tvOS versions antérieures à 18.6 | ||
| Apple | iOS | iOS versions antérieures à 18.6 | ||
| Apple | N/A | visionOS versions antérieures à 2.6 | ||
| Apple | iPadOS | iPadOS versions 18.x antérieures à 18.6 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.6 | ||
| Apple | iPadOS | iPadOS versions antérieures à 17.7.9 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.7 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.7 | ||
| Apple | N/A | watchOS versions antérieures à 11.6 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "tvOS versions ant\u00e9rieures \u00e0 18.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.6",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.x ant\u00e9rieures \u00e0 18.6",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.9",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 11.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24224"
},
{
"name": "CVE-2025-43241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43241"
},
{
"name": "CVE-2025-31277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31277"
},
{
"name": "CVE-2025-43206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43206"
},
{
"name": "CVE-2025-43222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43222"
},
{
"name": "CVE-2025-43251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43251"
},
{
"name": "CVE-2025-31273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31273"
},
{
"name": "CVE-2025-43191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43191"
},
{
"name": "CVE-2025-43189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43189"
},
{
"name": "CVE-2025-43234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43234"
},
{
"name": "CVE-2025-43254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43254"
},
{
"name": "CVE-2025-43245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43245"
},
{
"name": "CVE-2025-43214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
},
{
"name": "CVE-2025-43212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43212"
},
{
"name": "CVE-2025-43274",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43274"
},
{
"name": "CVE-2025-43192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43192"
},
{
"name": "CVE-2025-43266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43266"
},
{
"name": "CVE-2025-43273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43273"
},
{
"name": "CVE-2025-43275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43275"
},
{
"name": "CVE-2025-43224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43224"
},
{
"name": "CVE-2025-43252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43252"
},
{
"name": "CVE-2025-43239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43239"
},
{
"name": "CVE-2025-43197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43197"
},
{
"name": "CVE-2025-43235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43235"
},
{
"name": "CVE-2025-43243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43243"
},
{
"name": "CVE-2025-43240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43240"
},
{
"name": "CVE-2025-43256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43256"
},
{
"name": "CVE-2025-43236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43236"
},
{
"name": "CVE-2025-31279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31279"
},
{
"name": "CVE-2025-43202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43202"
},
{
"name": "CVE-2025-43259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43259"
},
{
"name": "CVE-2025-43270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43270"
},
{
"name": "CVE-2025-43210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43210"
},
{
"name": "CVE-2025-43193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43193"
},
{
"name": "CVE-2025-43227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43227"
},
{
"name": "CVE-2025-31278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31278"
},
{
"name": "CVE-2025-43237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43237"
},
{
"name": "CVE-2025-43225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43225"
},
{
"name": "CVE-2025-31243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31243"
},
{
"name": "CVE-2025-43253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43253"
},
{
"name": "CVE-2025-43217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43217"
},
{
"name": "CVE-2025-43257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43257"
},
{
"name": "CVE-2025-43277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43277"
},
{
"name": "CVE-2025-31281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31281"
},
{
"name": "CVE-2025-43219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43219"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-43233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43233"
},
{
"name": "CVE-2025-24220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24220"
},
{
"name": "CVE-2025-24119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24119"
},
{
"name": "CVE-2025-31275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31275"
},
{
"name": "CVE-2025-31229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31229"
},
{
"name": "CVE-2025-43199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43199"
},
{
"name": "CVE-2025-43220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43220"
},
{
"name": "CVE-2025-31280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31280"
},
{
"name": "CVE-2025-43255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43255"
},
{
"name": "CVE-2025-43229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43229"
},
{
"name": "CVE-2025-43211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43211"
},
{
"name": "CVE-2025-43209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43209"
},
{
"name": "CVE-2025-43186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43186"
},
{
"name": "CVE-2025-6558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
},
{
"name": "CVE-2025-43249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43249"
},
{
"name": "CVE-2025-43228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43228"
},
{
"name": "CVE-2025-43188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43188"
},
{
"name": "CVE-2025-43265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43265"
},
{
"name": "CVE-2025-43264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43264"
},
{
"name": "CVE-2025-43268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43268"
},
{
"name": "CVE-2025-43248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43248"
},
{
"name": "CVE-2025-43247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43247"
},
{
"name": "CVE-2025-43213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
},
{
"name": "CVE-2025-43216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43216"
},
{
"name": "CVE-2025-43232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43232"
},
{
"name": "CVE-2025-31276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31276"
},
{
"name": "CVE-2025-43261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43261"
},
{
"name": "CVE-2025-43276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43276"
},
{
"name": "CVE-2025-43226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43226"
},
{
"name": "CVE-2025-43223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43223"
},
{
"name": "CVE-2025-43246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43246"
},
{
"name": "CVE-2025-43260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43260"
},
{
"name": "CVE-2025-43215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43215"
},
{
"name": "CVE-2025-43238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43238"
},
{
"name": "CVE-2025-43198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43198"
},
{
"name": "CVE-2025-43230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43230"
},
{
"name": "CVE-2025-43250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43250"
},
{
"name": "CVE-2025-43196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43196"
},
{
"name": "CVE-2025-43218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43218"
},
{
"name": "CVE-2025-24188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24188"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-43194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43194"
},
{
"name": "CVE-2025-43267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43267"
},
{
"name": "CVE-2025-43195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43195"
},
{
"name": "CVE-2025-43185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43185"
},
{
"name": "CVE-2025-43184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43184"
},
{
"name": "CVE-2025-43244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43244"
},
{
"name": "CVE-2025-43187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43187"
},
{
"name": "CVE-2025-43221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43221"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0640",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-30T00:00:00.000000"
},
{
"description": "Google indique que la vuln\u00e9rabilit\u00e9 CVE-2025-6558 est activement exploit\u00e9e.",
"revision_date": "2025-07-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2025-6558 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124150",
"url": "https://support.apple.com/en-us/124150"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124155",
"url": "https://support.apple.com/en-us/124155"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124149",
"url": "https://support.apple.com/en-us/124149"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124151",
"url": "https://support.apple.com/en-us/124151"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124147",
"url": "https://support.apple.com/en-us/124147"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124153",
"url": "https://support.apple.com/en-us/124153"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124154",
"url": "https://support.apple.com/en-us/124154"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 124148",
"url": "https://support.apple.com/en-us/124148"
}
]
}
CERTFR-2025-AVI-0393
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2025-31200 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.6 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.5 | ||
| Apple | iPadOS | iPadOS versions 18.x antérieures à 18.5 | ||
| Apple | N/A | watchOS versions antérieures à 11.5 | ||
| Apple | Safari | Safari versions antérieures à 18.5 | ||
| Apple | N/A | visionOS versions antérieures à 2.5 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.6 | ||
| Apple | iPadOS | iPadOS versions antérieures à 17.7.7 | ||
| Apple | iOS | iOS versions antérieures à 18.5 | ||
| Apple | N/A | tvOS versions antérieures à 18.5 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.x ant\u00e9rieures \u00e0 18.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 11.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 18.5",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.7",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 18.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31240"
},
{
"name": "CVE-2025-31247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31247"
},
{
"name": "CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"name": "CVE-2025-31221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31221"
},
{
"name": "CVE-2025-31209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31209"
},
{
"name": "CVE-2025-24155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24155"
},
{
"name": "CVE-2025-31204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31204"
},
{
"name": "CVE-2025-31227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31227"
},
{
"name": "CVE-2025-31218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31218"
},
{
"name": "CVE-2025-31228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31228"
},
{
"name": "CVE-2025-31226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31226"
},
{
"name": "CVE-2025-31212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31212"
},
{
"name": "CVE-2025-26466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
},
{
"name": "CVE-2025-31208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31208"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-24144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24144"
},
{
"name": "CVE-2025-30440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30440"
},
{
"name": "CVE-2025-24142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24142"
},
{
"name": "CVE-2025-24225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24225"
},
{
"name": "CVE-2025-31219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31219"
},
{
"name": "CVE-2025-31251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31251"
},
{
"name": "CVE-2025-31217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31217"
},
{
"name": "CVE-2025-31241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31241"
},
{
"name": "CVE-2025-31196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31196"
},
{
"name": "CVE-2025-31234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31234"
},
{
"name": "CVE-2025-31245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31245"
},
{
"name": "CVE-2025-31220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31220"
},
{
"name": "CVE-2025-30442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30442"
},
{
"name": "CVE-2025-31235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31235"
},
{
"name": "CVE-2025-31200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31200"
},
{
"name": "CVE-2025-24097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24097"
},
{
"name": "CVE-2025-30448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30448"
},
{
"name": "CVE-2025-31249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31249"
},
{
"name": "CVE-2025-24274",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24274"
},
{
"name": "CVE-2025-31238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31238"
},
{
"name": "CVE-2025-24220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24220"
},
{
"name": "CVE-2025-31210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31210"
},
{
"name": "CVE-2025-31207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31207"
},
{
"name": "CVE-2025-31242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31242"
},
{
"name": "CVE-2025-31206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31206"
},
{
"name": "CVE-2025-31244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31244"
},
{
"name": "CVE-2025-24259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24259"
},
{
"name": "CVE-2025-31259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31259"
},
{
"name": "CVE-2025-31232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31232"
},
{
"name": "CVE-2025-31250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31250"
},
{
"name": "CVE-2025-31223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31223"
},
{
"name": "CVE-2025-31224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31224"
},
{
"name": "CVE-2025-31214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31214"
},
{
"name": "CVE-2025-31246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31246"
},
{
"name": "CVE-2025-31213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31213"
},
{
"name": "CVE-2025-31256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31256"
},
{
"name": "CVE-2025-24258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24258"
},
{
"name": "CVE-2025-24111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24111"
},
{
"name": "CVE-2025-24222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24222"
},
{
"name": "CVE-2025-31225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31225"
},
{
"name": "CVE-2025-31205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31205"
},
{
"name": "CVE-2025-24223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24223"
},
{
"name": "CVE-2025-24213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24213"
},
{
"name": "CVE-2025-31260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31260"
},
{
"name": "CVE-2025-31236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31236"
},
{
"name": "CVE-2025-31222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31222"
},
{
"name": "CVE-2025-31237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31237"
},
{
"name": "CVE-2025-31257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31257"
},
{
"name": "CVE-2025-31239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31239"
},
{
"name": "CVE-2025-31233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31233"
},
{
"name": "CVE-2025-30453",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30453"
},
{
"name": "CVE-2025-31258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31258"
},
{
"name": "CVE-2025-31253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31253"
},
{
"name": "CVE-2025-31215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31215"
},
{
"name": "CVE-2025-30443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30443"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0393",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-31200 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122404",
"url": "https://support.apple.com/en-us/122404"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122717",
"url": "https://support.apple.com/en-us/122717"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122405",
"url": "https://support.apple.com/en-us/122405"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122716",
"url": "https://support.apple.com/en-us/122716"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122718",
"url": "https://support.apple.com/en-us/122718"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122721",
"url": "https://support.apple.com/en-us/122721"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122720",
"url": "https://support.apple.com/en-us/122720"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122719",
"url": "https://support.apple.com/en-us/122719"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122722",
"url": "https://support.apple.com/en-us/122722"
}
]
}
CERTFR-2025-AVI-0325
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un contournement de la politique de sécurité.
Apple indique que les vulnérabilités CVE-2025-31200 et CVE-2025-31201 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "tvOS versions ant\u00e9rieures \u00e0 18.4.1",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.4.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.4.1",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 18.4.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31200"
},
{
"name": "CVE-2025-31201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31201"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire et un contournement de la politique de s\u00e9curit\u00e9.\n\nApple indique que les vuln\u00e9rabilit\u00e9s CVE-2025-31200 et CVE-2025-31201 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122282",
"url": "https://support.apple.com/en-us/122282"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122402",
"url": "https://support.apple.com/en-us/122402"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122400",
"url": "https://support.apple.com/en-us/122400"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122401",
"url": "https://support.apple.com/en-us/122401"
}
]
}
CERTFR-2025-AVI-0258
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Apple indique que les vulnérabilités CVE-2025-24200 et CVE-2025-24201 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iPadOS | iPadOS versions antérieures à 17.7.6 | ||
| Apple | iOS | iOS versions antérieures à 18.4 | ||
| Apple | N/A | Xcode versions antérieures à 16.3 | ||
| Apple | iOS | iOS versions antérieures à 16.7.11 | ||
| Apple | visionOS | visionOS versions antérieures à 2.4 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.5 | ||
| Apple | tvOS | tvOS versions antérieures à 18.4 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.4 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.5 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.4 | ||
| Apple | iOS | iOS versions antérieures à 15.8.4 | ||
| Apple | iPadOS | iPadOS versions antérieures à 16.7.11 | ||
| Apple | iPadOS | iPadOS versions antérieures à 15.8.4 | ||
| Apple | Safari | Safari versions antérieures à 18.4 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.6",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 16.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.7.11",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.4",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.8.4",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16.7.11",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.4",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24206"
},
{
"name": "CVE-2024-54508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54508"
},
{
"name": "CVE-2025-24205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24205"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-24266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24266"
},
{
"name": "CVE-2024-54502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54502"
},
{
"name": "CVE-2025-24273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24273"
},
{
"name": "CVE-2025-30425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30425"
},
{
"name": "CVE-2025-24200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24200"
},
{
"name": "CVE-2025-24228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24228"
},
{
"name": "CVE-2025-24210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24210"
},
{
"name": "CVE-2025-24265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24265"
},
{
"name": "CVE-2025-24260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24260"
},
{
"name": "CVE-2025-24249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24249"
},
{
"name": "CVE-2025-30455",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30455"
},
{
"name": "CVE-2025-30471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30471"
},
{
"name": "CVE-2025-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30465"
},
{
"name": "CVE-2025-24253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24253"
},
{
"name": "CVE-2025-30447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30447"
},
{
"name": "CVE-2025-30445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30445"
},
{
"name": "CVE-2025-24207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24207"
},
{
"name": "CVE-2025-24240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24240"
},
{
"name": "CVE-2025-24229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24229"
},
{
"name": "CVE-2025-24246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24246"
},
{
"name": "CVE-2025-24182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24182"
},
{
"name": "CVE-2025-24279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24279"
},
{
"name": "CVE-2025-24271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24271"
},
{
"name": "CVE-2025-30469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30469"
},
{
"name": "CVE-2025-24178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24178"
},
{
"name": "CVE-2025-30463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30463"
},
{
"name": "CVE-2025-30457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30457"
},
{
"name": "CVE-2025-24126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24126"
},
{
"name": "CVE-2025-24204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24204"
},
{
"name": "CVE-2025-24216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24216"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-30462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30462"
},
{
"name": "CVE-2025-30467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30467"
},
{
"name": "CVE-2025-24262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24262"
},
{
"name": "CVE-2025-24270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24270"
},
{
"name": "CVE-2025-24194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24194"
},
{
"name": "CVE-2025-24267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24267"
},
{
"name": "CVE-2025-24235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24235"
},
{
"name": "CVE-2025-24193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24193"
},
{
"name": "CVE-2025-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24281"
},
{
"name": "CVE-2025-24221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24221"
},
{
"name": "CVE-2025-24257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24257"
},
{
"name": "CVE-2025-31187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31187"
},
{
"name": "CVE-2025-30449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30449"
},
{
"name": "CVE-2025-24263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24263"
},
{
"name": "CVE-2025-24191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24191"
},
{
"name": "CVE-2025-30464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30464"
},
{
"name": "CVE-2025-30429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30429"
},
{
"name": "CVE-2025-24280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24280"
},
{
"name": "CVE-2025-30452",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30452"
},
{
"name": "CVE-2025-24085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24085"
},
{
"name": "CVE-2025-24203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24203"
},
{
"name": "CVE-2025-24247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24247"
},
{
"name": "CVE-2025-24211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24211"
},
{
"name": "CVE-2025-24198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24198"
},
{
"name": "CVE-2025-24131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24131"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-24164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24164"
},
{
"name": "CVE-2025-24255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24255"
},
{
"name": "CVE-2025-24283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24283"
},
{
"name": "CVE-2024-48958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48958"
},
{
"name": "CVE-2025-24170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24170"
},
{
"name": "CVE-2025-24093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24093"
},
{
"name": "CVE-2025-24173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24173"
},
{
"name": "CVE-2025-24218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24218"
},
{
"name": "CVE-2025-24097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24097"
},
{
"name": "CVE-2025-30435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30435"
},
{
"name": "CVE-2024-40864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40864"
},
{
"name": "CVE-2025-24157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24157"
},
{
"name": "CVE-2025-24278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24278"
},
{
"name": "CVE-2025-24264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24264"
},
{
"name": "CVE-2025-24172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24172"
},
{
"name": "CVE-2025-30451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30451"
},
{
"name": "CVE-2025-24212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24212"
},
{
"name": "CVE-2025-24252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24252"
},
{
"name": "CVE-2025-24199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24199"
},
{
"name": "CVE-2025-24239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24239"
},
{
"name": "CVE-2025-24139",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24139"
},
{
"name": "CVE-2025-24237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24237"
},
{
"name": "CVE-2025-24254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24254"
},
{
"name": "CVE-2025-24226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24226"
},
{
"name": "CVE-2025-24238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24238"
},
{
"name": "CVE-2025-30450",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30450"
},
{
"name": "CVE-2025-24192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24192"
},
{
"name": "CVE-2025-24236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24236"
},
{
"name": "CVE-2025-24167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24167"
},
{
"name": "CVE-2025-24232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24232"
},
{
"name": "CVE-2025-31194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31194"
},
{
"name": "CVE-2025-30458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30458"
},
{
"name": "CVE-2025-24261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24261"
},
{
"name": "CVE-2025-30424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30424"
},
{
"name": "CVE-2025-30430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30430"
},
{
"name": "CVE-2025-30444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30444"
},
{
"name": "CVE-2025-24282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24282"
},
{
"name": "CVE-2025-24256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24256"
},
{
"name": "CVE-2025-24259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24259"
},
{
"name": "CVE-2025-24181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24181"
},
{
"name": "CVE-2025-31197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31197"
},
{
"name": "CVE-2025-24233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24233"
},
{
"name": "CVE-2025-24241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24241"
},
{
"name": "CVE-2025-24215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24215"
},
{
"name": "CVE-2025-24214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24214"
},
{
"name": "CVE-2025-30439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30439"
},
{
"name": "CVE-2025-24113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24113"
},
{
"name": "CVE-2025-30460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30460"
},
{
"name": "CVE-2025-30434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30434"
},
{
"name": "CVE-2025-31192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31192"
},
{
"name": "CVE-2025-30428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30428"
},
{
"name": "CVE-2025-24196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24196"
},
{
"name": "CVE-2025-24242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24242"
},
{
"name": "CVE-2025-30438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30438"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2025-30437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30437"
},
{
"name": "CVE-2025-30432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30432"
},
{
"name": "CVE-2024-54533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54533"
},
{
"name": "CVE-2025-24129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24129"
},
{
"name": "CVE-2025-24217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24217"
},
{
"name": "CVE-2025-24272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24272"
},
{
"name": "CVE-2025-24213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24213"
},
{
"name": "CVE-2025-24095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24095"
},
{
"name": "CVE-2025-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30456"
},
{
"name": "CVE-2025-24209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24209"
},
{
"name": "CVE-2025-24276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24276"
},
{
"name": "CVE-2025-24179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24179"
},
{
"name": "CVE-2025-24208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24208"
},
{
"name": "CVE-2025-24190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24190"
},
{
"name": "CVE-2025-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30441"
},
{
"name": "CVE-2025-24248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24248"
},
{
"name": "CVE-2025-24243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24243"
},
{
"name": "CVE-2025-31191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31191"
},
{
"name": "CVE-2025-31184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31184"
},
{
"name": "CVE-2025-24245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24245"
},
{
"name": "CVE-2025-30470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30470"
},
{
"name": "CVE-2025-31182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31182"
},
{
"name": "CVE-2025-24251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24251"
},
{
"name": "CVE-2025-24195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24195"
},
{
"name": "CVE-2024-54543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54543"
},
{
"name": "CVE-2025-24250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24250"
},
{
"name": "CVE-2025-24234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24234"
},
{
"name": "CVE-2025-24180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24180"
},
{
"name": "CVE-2025-24177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24177"
},
{
"name": "CVE-2025-30454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30454"
},
{
"name": "CVE-2025-30461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30461"
},
{
"name": "CVE-2025-24244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24244"
},
{
"name": "CVE-2025-24230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24230"
},
{
"name": "CVE-2025-24148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24148"
},
{
"name": "CVE-2025-24163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24163"
},
{
"name": "CVE-2025-24231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24231"
},
{
"name": "CVE-2025-24277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24277"
},
{
"name": "CVE-2025-24269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24269"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2025-24201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24201"
},
{
"name": "CVE-2025-31188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31188"
},
{
"name": "CVE-2025-24202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24202"
},
{
"name": "CVE-2025-30446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30446"
},
{
"name": "CVE-2025-30433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30433"
},
{
"name": "CVE-2025-30443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30443"
},
{
"name": "CVE-2025-30426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30426"
},
{
"name": "CVE-2025-30427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30427"
},
{
"name": "CVE-2025-31183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31183"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0258",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-01T00:00:00.000000"
},
{
"description": "Ajout de multiples identifiants CVE.",
"revision_date": "2025-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nApple indique que les vuln\u00e9rabilit\u00e9s CVE-2025-24200 et CVE-2025-24201 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122378",
"url": "https://support.apple.com/en-us/122378"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122371",
"url": "https://support.apple.com/en-us/122371"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122380",
"url": "https://support.apple.com/en-us/122380"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122379",
"url": "https://support.apple.com/en-us/122379"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122345",
"url": "https://support.apple.com/en-us/122345"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122373",
"url": "https://support.apple.com/en-us/122373"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122372",
"url": "https://support.apple.com/en-us/122372"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122377",
"url": "https://support.apple.com/en-us/122377"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122346",
"url": "https://support.apple.com/en-us/122346"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122374",
"url": "https://support.apple.com/en-us/122374"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122375",
"url": "https://support.apple.com/en-us/122375"
}
]
}
CERTFR-2025-AVI-0199
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Apple indique que la vulnérabilité CVE-2025-24201 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.3.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.3.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 18.3.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.3.2",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.3.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24201"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0199",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Apple. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-24201 est activement exploit\u00e9e.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122284",
"url": "https://support.apple.com/en-us/122284"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122285",
"url": "https://support.apple.com/en-us/122285"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122281",
"url": "https://support.apple.com/en-us/122281"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122283",
"url": "https://support.apple.com/en-us/122283"
}
]
}
CERTFR-2025-AVI-0110
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Apple indique que la vulnérabilité CVE-2025-24200 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.3.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.3.1",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24200"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0110",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Apple. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-24200 est activement exploit\u00e9e.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-02-09",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122174",
"url": "https://support.apple.com/en-us/122174"
},
{
"published_at": "2025-02-09",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122173",
"url": "https://support.apple.com/en-us/122173"
}
]
}
CERTFR-2024-AVI-1072
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 18.2 | ||
| Apple | watchOS | watchOS versions antérieures à 11.2 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.2 | ||
| Apple | tvOS | tvOS versions antérieures à 18.2 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.2 | ||
| Apple | iPadOS | iPadOS versions antérieures à 17.7.3 | ||
| Apple | visionOS | visionOS versions antérieures à 2.2 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.2 | ||
| Apple | Safari | Safari versions antérieures à 18.2 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.2 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS\u00a0versions ant\u00e9rieures \u00e0 18.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS\u00a0versions ant\u00e9rieures \u00e0 11.2",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS\u00a0Sonoma\u00a0versions ant\u00e9rieures \u00e0 14.7.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS\u00a0versions ant\u00e9rieures \u00e0 18.2",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS\u00a0 versions ant\u00e9rieures \u00e0 18.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS\u00a0 versions ant\u00e9rieures \u00e0 17.7.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS\u00a0versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS\u00a0Sequoia\u00a0versions ant\u00e9rieures \u00e0 15.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 18.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS\u00a0Ventura\u00a0versions ant\u00e9rieures \u00e0 13.7.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-54513",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54513"
},
{
"name": "CVE-2024-54508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54508"
},
{
"name": "CVE-2024-54502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54502"
},
{
"name": "CVE-2024-54515",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54515"
},
{
"name": "CVE-2024-44243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44243"
},
{
"name": "CVE-2024-54505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54505"
},
{
"name": "CVE-2024-54529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54529"
},
{
"name": "CVE-2024-54498",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54498"
},
{
"name": "CVE-2024-54479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54479"
},
{
"name": "CVE-2024-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44224"
},
{
"name": "CVE-2024-54495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54495"
},
{
"name": "CVE-2024-54514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54514"
},
{
"name": "CVE-2024-54526",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54526"
},
{
"name": "CVE-2023-32395",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32395"
},
{
"name": "CVE-2024-54477",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54477"
},
{
"name": "CVE-2024-54506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54506"
},
{
"name": "CVE-2024-54485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54485"
},
{
"name": "CVE-2024-44225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44225"
},
{
"name": "CVE-2024-54486",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54486"
},
{
"name": "CVE-2024-54490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54490"
},
{
"name": "CVE-2024-54489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54489"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2024-54500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54500"
},
{
"name": "CVE-2024-54465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54465"
},
{
"name": "CVE-2024-54484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54484"
},
{
"name": "CVE-2024-44248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44248"
},
{
"name": "CVE-2024-54466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54466"
},
{
"name": "CVE-2024-44246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44246"
},
{
"name": "CVE-2024-54531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54531"
},
{
"name": "CVE-2024-54493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54493"
},
{
"name": "CVE-2024-54494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54494"
},
{
"name": "CVE-2024-54476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54476"
},
{
"name": "CVE-2024-54528",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54528"
},
{
"name": "CVE-2024-44220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44220"
},
{
"name": "CVE-2024-54503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54503"
},
{
"name": "CVE-2024-44201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44201"
},
{
"name": "CVE-2024-44300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44300"
},
{
"name": "CVE-2024-54491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54491"
},
{
"name": "CVE-2024-54510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54510"
},
{
"name": "CVE-2024-54504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54504"
},
{
"name": "CVE-2024-54474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54474"
},
{
"name": "CVE-2024-44291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44291"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2024-54527",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54527"
},
{
"name": "CVE-2024-44245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44245"
},
{
"name": "CVE-2024-54524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54524"
},
{
"name": "CVE-2024-54501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54501"
},
{
"name": "CVE-2024-54492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54492"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121840",
"url": "https://support.apple.com/en-us/121840"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121846",
"url": "https://support.apple.com/en-us/121846"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121838",
"url": "https://support.apple.com/en-us/121838"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121842",
"url": "https://support.apple.com/en-us/121842"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121844",
"url": "https://support.apple.com/en-us/121844"
}
]
}
CERTFR-2024-AVI-1004
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple indique que les vulnérabilités CVE-2024-44308 et CVE-2024-44309 sont activement exploitées.
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS\u00a0et iPadOS versions ant\u00e9rieures \u00e0 17.7.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS\u00a0Sequoia versions ant\u00e9rieures \u00e0 15.1.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS\u00a0et iPadOS versions ant\u00e9rieures \u00e0 18.1.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari\u00a0versions ant\u00e9rieures \u00e0 18.1.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "Apple indique que les vuln\u00e9rabilit\u00e9s CVE-2024-44308 et CVE-2024-44309 sont activement exploit\u00e9es.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-44309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44309"
},
{
"name": "CVE-2024-44308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44308"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1004",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121756",
"url": "https://support.apple.com/en-us/121756"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121753",
"url": "https://support.apple.com/en-us/121753"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121755",
"url": "https://support.apple.com/en-us/121755"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121752",
"url": "https://support.apple.com/en-us/121752"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121754",
"url": "https://support.apple.com/en-us/121754"
}
]
}
CERTFR-2024-AVI-0929
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | tvOS 18.1 versions antérieures à 18.1 | ||
| Apple | iOS | iOS et iPadOS versions antérieures à 18.1 | ||
| Apple | iOS | iOS et iPadOS versions antérieures à 17.7.1 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.1 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.1 | ||
| Apple | N/A | watchOS 11.1 versions antérieures à 11.1 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.1 | ||
| Apple | N/A | visionOS 2.1 versions antérieures à 2.1 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "tvOS\u00a018.1 versions ant\u00e9rieures \u00e0 18.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 18.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 17.7.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS\u00a011.1 versions ant\u00e9rieures \u00e0 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS\u00a02.1 versions ant\u00e9rieures \u00e0 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-44194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44194"
},
{
"name": "CVE-2024-44296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44296"
},
{
"name": "CVE-2024-44257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44257"
},
{
"name": "CVE-2024-44289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44289"
},
{
"name": "CVE-2024-44155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44155"
},
{
"name": "CVE-2024-44280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44280"
},
{
"name": "CVE-2024-44254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44254"
},
{
"name": "CVE-2024-44256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44256"
},
{
"name": "CVE-2024-44235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44235"
},
{
"name": "CVE-2024-44195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44195"
},
{
"name": "CVE-2024-44281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44281"
},
{
"name": "CVE-2024-44251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44251"
},
{
"name": "CVE-2024-44287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44287"
},
{
"name": "CVE-2024-44284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44284"
},
{
"name": "CVE-2024-44277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44277"
},
{
"name": "CVE-2024-44237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44237"
},
{
"name": "CVE-2024-44261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44261"
},
{
"name": "CVE-2024-44213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44213"
},
{
"name": "CVE-2024-44293",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44293"
},
{
"name": "CVE-2024-44223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44223"
},
{
"name": "CVE-2024-44295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44295"
},
{
"name": "CVE-2024-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44270"
},
{
"name": "CVE-2024-44215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44215"
},
{
"name": "CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"name": "CVE-2024-44275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44275"
},
{
"name": "CVE-2024-44156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44156"
},
{
"name": "CVE-2024-44255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44255"
},
{
"name": "CVE-2024-44247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44247"
},
{
"name": "CVE-2024-44159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44159"
},
{
"name": "CVE-2024-44175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44175"
},
{
"name": "CVE-2024-44218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44218"
},
{
"name": "CVE-2024-44252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44252"
},
{
"name": "CVE-2024-44197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44197"
},
{
"name": "CVE-2024-44264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44264"
},
{
"name": "CVE-2024-44259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44259"
},
{
"name": "CVE-2024-44216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44216"
},
{
"name": "CVE-2024-40851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40851"
},
{
"name": "CVE-2024-44302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44302"
},
{
"name": "CVE-2024-40855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40855"
},
{
"name": "CVE-2024-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38476"
},
{
"name": "CVE-2024-44267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44267"
},
{
"name": "CVE-2024-44258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44258"
},
{
"name": "CVE-2024-44196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44196"
},
{
"name": "CVE-2024-44273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44273"
},
{
"name": "CVE-2024-44122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44122"
},
{
"name": "CVE-2024-44126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44126"
},
{
"name": "CVE-2024-44278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44278"
},
{
"name": "CVE-2024-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38477"
},
{
"name": "CVE-2024-44292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44292"
},
{
"name": "CVE-2024-44239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44239"
},
{
"name": "CVE-2024-40867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40867"
},
{
"name": "CVE-2024-44137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44137"
},
{
"name": "CVE-2024-44279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44279"
},
{
"name": "CVE-2024-44263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44263"
},
{
"name": "CVE-2024-44231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44231"
},
{
"name": "CVE-2024-40858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40858"
},
{
"name": "CVE-2024-44269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44269"
},
{
"name": "CVE-2024-44260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44260"
},
{
"name": "CVE-2024-44298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44298"
},
{
"name": "CVE-2024-44236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44236"
},
{
"name": "CVE-2024-44274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44274"
},
{
"name": "CVE-2024-44283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44283"
},
{
"name": "CVE-2024-44253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44253"
},
{
"name": "CVE-2024-44285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44285"
},
{
"name": "CVE-2024-44301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44301"
},
{
"name": "CVE-2024-44265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44265"
},
{
"name": "CVE-2024-44144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44144"
},
{
"name": "CVE-2024-44297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44297"
},
{
"name": "CVE-2024-44262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44262"
},
{
"name": "CVE-2024-44222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44222"
},
{
"name": "CVE-2024-44294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44294"
},
{
"name": "CVE-2024-39573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39573"
},
{
"name": "CVE-2024-44282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44282"
},
{
"name": "CVE-2024-44240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44240"
},
{
"name": "CVE-2024-44211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44211"
},
{
"name": "CVE-2024-44229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44229"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0929",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2024-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121566",
"url": "https://support.apple.com/en-us/121566"
},
{
"published_at": "2024-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121568",
"url": "https://support.apple.com/en-us/121568"
},
{
"published_at": "2024-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121565",
"url": "https://support.apple.com/en-us/121565"
},
{
"published_at": "2024-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121564",
"url": "https://support.apple.com/en-us/121564"
},
{
"published_at": "2024-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121563",
"url": "https://support.apple.com/en-us/121563"
},
{
"published_at": "2024-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121569",
"url": "https://support.apple.com/en-us/121569"
},
{
"published_at": "2024-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121567",
"url": "https://support.apple.com/en-us/121567"
},
{
"published_at": "2024-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121570",
"url": "https://support.apple.com/en-us/121570"
}
]
}
CERTFR-2024-AVI-0835
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 18.0.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-44204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44204"
},
{
"name": "CVE-2024-44207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44207"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0835",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2024-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121373",
"url": "https://support.apple.com/en-us/121373"
}
]
}
CERTFR-2024-AVI-0785
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | tvOS versions antérieures à 18 | ||
| Apple | N/A | visionOS versions antérieures à 2 | ||
| Apple | iOS | iOS et iPadOS versions antérieures à 18 | ||
| Apple | iOS | iOS et iPadOS versions antérieures à 17.7 | ||
| Apple | N/A | Xcode versions antérieures à 16 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.7 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7 | ||
| Apple | Safari | Safari versions antérieures à 18 | ||
| Apple | N/A | watchOS 11 versions antérieures à 11 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "tvOS versions ant\u00e9rieures \u00e0 18",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS\u00a0versions ant\u00e9rieures \u00e0 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 18",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 17.7",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 16",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 18",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS\u00a011 versions ant\u00e9rieures \u00e0 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-44124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44124"
},
{
"name": "CVE-2024-44135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44135"
},
{
"name": "CVE-2024-40837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40837"
},
{
"name": "CVE-2023-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5841"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2024-44191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44191"
},
{
"name": "CVE-2024-40856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40856"
},
{
"name": "CVE-2024-44146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44146"
},
{
"name": "CVE-2024-44181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44181"
},
{
"name": "CVE-2024-40863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40863"
},
{
"name": "CVE-2024-23237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23237"
},
{
"name": "CVE-2024-27879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27879"
},
{
"name": "CVE-2024-44183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44183"
},
{
"name": "CVE-2024-40866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40866"
},
{
"name": "CVE-2024-44184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44184"
},
{
"name": "CVE-2024-40857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40857"
},
{
"name": "CVE-2024-40842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40842"
},
{
"name": "CVE-2024-44131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44131"
},
{
"name": "CVE-2024-44178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44178"
},
{
"name": "CVE-2024-44169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44169"
},
{
"name": "CVE-2024-44202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44202"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2024-44167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44167"
},
{
"name": "CVE-2024-40844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40844"
},
{
"name": "CVE-2024-27869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27869"
},
{
"name": "CVE-2024-40791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40791"
},
{
"name": "CVE-2024-44189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44189"
},
{
"name": "CVE-2024-44187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44187"
},
{
"name": "CVE-2024-44158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44158"
},
{
"name": "CVE-2024-44171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44171"
},
{
"name": "CVE-2024-44177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44177"
},
{
"name": "CVE-2024-44170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44170"
},
{
"name": "CVE-2024-40825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40825"
},
{
"name": "CVE-2024-40826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40826"
},
{
"name": "CVE-2024-27880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27880"
},
{
"name": "CVE-2024-44188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44188"
},
{
"name": "CVE-2024-40797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40797"
},
{
"name": "CVE-2024-44130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44130"
},
{
"name": "CVE-2024-44132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44132"
},
{
"name": "CVE-2024-39894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39894"
},
{
"name": "CVE-2024-44161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44161"
},
{
"name": "CVE-2024-40847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40847"
},
{
"name": "CVE-2024-40838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40838"
},
{
"name": "CVE-2024-44164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44164"
},
{
"name": "CVE-2024-44186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44186"
},
{
"name": "CVE-2024-44148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44148"
},
{
"name": "CVE-2024-44190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44190"
},
{
"name": "CVE-2024-44133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44133"
},
{
"name": "CVE-2024-27886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27886"
},
{
"name": "CVE-2024-40831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40831"
},
{
"name": "CVE-2024-40845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40845"
},
{
"name": "CVE-2024-40860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40860"
},
{
"name": "CVE-2024-44180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44180"
},
{
"name": "CVE-2024-40848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40848"
},
{
"name": "CVE-2024-44147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44147"
},
{
"name": "CVE-2024-44152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44152"
},
{
"name": "CVE-2024-40843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40843"
},
{
"name": "CVE-2024-44198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44198"
},
{
"name": "CVE-2024-40770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40770"
},
{
"name": "CVE-2024-44139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44139"
},
{
"name": "CVE-2024-44151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44151"
},
{
"name": "CVE-2024-44165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44165"
},
{
"name": "CVE-2024-40850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40850"
},
{
"name": "CVE-2024-44182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44182"
},
{
"name": "CVE-2024-27875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27875"
},
{
"name": "CVE-2024-44149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44149"
},
{
"name": "CVE-2024-27858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27858"
},
{
"name": "CVE-2024-44154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44154"
},
{
"name": "CVE-2024-40840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40840"
},
{
"name": "CVE-2024-27874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27874"
},
{
"name": "CVE-2024-40841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40841"
},
{
"name": "CVE-2024-27876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27876"
},
{
"name": "CVE-2024-40859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40859"
},
{
"name": "CVE-2024-44153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44153"
},
{
"name": "CVE-2024-40846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40846"
},
{
"name": "CVE-2024-40814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40814"
},
{
"name": "CVE-2024-40852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40852"
},
{
"name": "CVE-2024-27795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27795"
},
{
"name": "CVE-2024-40861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40861"
},
{
"name": "CVE-2024-40862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40862"
},
{
"name": "CVE-2024-44128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44128"
},
{
"name": "CVE-2024-44176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44176"
},
{
"name": "CVE-2024-44162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44162"
},
{
"name": "CVE-2024-40830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40830"
},
{
"name": "CVE-2024-40801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40801"
},
{
"name": "CVE-2024-44163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44163"
},
{
"name": "CVE-2024-44129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44129"
},
{
"name": "CVE-2024-27860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27860"
},
{
"name": "CVE-2024-44166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44166"
},
{
"name": "CVE-2024-44168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44168"
},
{
"name": "CVE-2024-44134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44134"
},
{
"name": "CVE-2024-44125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44125"
},
{
"name": "CVE-2024-27861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27861"
},
{
"name": "CVE-2024-44127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44127"
},
{
"name": "CVE-2024-40790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40790"
},
{
"name": "CVE-2024-44160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44160"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0785",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121238",
"url": "https://support.apple.com/en-us/121238"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121240",
"url": "https://support.apple.com/en-us/121240"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121239",
"url": "https://support.apple.com/en-us/121239"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121246",
"url": "https://support.apple.com/en-us/121246"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121241",
"url": "https://support.apple.com/en-us/121241"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121250",
"url": "https://support.apple.com/en-us/121250"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121234",
"url": "https://support.apple.com/en-us/121234"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121247",
"url": "https://support.apple.com/en-us/121247"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121249",
"url": "https://support.apple.com/en-us/121249"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 121248",
"url": "https://support.apple.com/en-us/121248"
}
]
}
CVE-2026-20643 (GCVE-0-2026-20643)
Vulnerability from nvd – Published: 2026-03-17 22:29 – Updated: 2026-04-02 18:19| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 26.4
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.7.7
(custom)
Affected: 0 , < 26.3.1 (a) (custom) Affected: 0 , < 26.4 (custom) |
|
| Apple | macOS |
Affected:
0 , < 26.3.1 (a)
(custom)
Affected: 0 , < 26.3.2 (a) (custom) Affected: 0 , < 26.4 (custom) |
|
| Apple | visionOS |
Affected:
0 , < 26.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T13:14:53.546083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T13:14:56.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-19T16:18:46.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2026/Mar/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.3.1 (a)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3.1 (a)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.3.2 (a)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may bypass Same Origin Policy",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:19:47.831Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126604"
},
{
"url": "https://support.apple.com/en-us/126792"
},
{
"url": "https://support.apple.com/en-us/126793"
},
{
"url": "https://support.apple.com/en-us/126794"
},
{
"url": "https://support.apple.com/en-us/126799"
},
{
"url": "https://support.apple.com/en-us/126800"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-20643",
"datePublished": "2026-03-17T22:29:48.227Z",
"dateReserved": "2025-11-11T14:43:07.862Z",
"dateUpdated": "2026-04-02T18:19:47.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20643 (GCVE-0-2026-20643)
Vulnerability from cvelistv5 – Published: 2026-03-17 22:29 – Updated: 2026-04-02 18:19| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 26.4
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.7.7
(custom)
Affected: 0 , < 26.3.1 (a) (custom) Affected: 0 , < 26.4 (custom) |
|
| Apple | macOS |
Affected:
0 , < 26.3.1 (a)
(custom)
Affected: 0 , < 26.3.2 (a) (custom) Affected: 0 , < 26.4 (custom) |
|
| Apple | visionOS |
Affected:
0 , < 26.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T13:14:53.546083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T13:14:56.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-19T16:18:46.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2026/Mar/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.3.1 (a)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3.1 (a)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.3.2 (a)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may bypass Same Origin Policy",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:19:47.831Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126604"
},
{
"url": "https://support.apple.com/en-us/126792"
},
{
"url": "https://support.apple.com/en-us/126793"
},
{
"url": "https://support.apple.com/en-us/126794"
},
{
"url": "https://support.apple.com/en-us/126799"
},
{
"url": "https://support.apple.com/en-us/126800"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-20643",
"datePublished": "2026-03-17T22:29:48.227Z",
"dateReserved": "2025-11-11T14:43:07.862Z",
"dateUpdated": "2026-04-02T18:19:47.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201804-1162
Vulnerability from variot - Updated: 2024-07-23 22:19An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of comparison operators in JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04
Synopsis
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
[ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0003
Date reported : April 04, 2018 Advisory ID : WSA-2018-0003 Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+. Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to OSS-Fuzz. Impact: Unexpected interaction with indexing types causing an ASSERT failure. Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks. Credit to OSS-Fuzz. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: A malicious website may exfiltrate data cross-origin. Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Zach Markley. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation. Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack. This issue was addressed with improved URL validation. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to a denial of service. Description: A memory corruption issue was addressed through improved input validation. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html
The WebKitGTK+ team, April 04, 2018 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4143: derrek (@derrekr6)
NSURLSession Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4157: Samuel GroA (@5aelo)
Security Available for: All Apple Watch models Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences Available for: All Apple Watch models Impact: A configuration profile may incorrectly remain in effect after removal Description: An issue existed in CFPreferences. CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA// QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7 43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn /Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw +tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU= =FEXo -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3635-1 April 30, 2018
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3635-1 CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165
Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
. CVE-2018-4102: Kai Zhao of 3H security team CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com)
Safari Login AutoFill Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction. Description: Safari autofill did not require explicit user interaction before taking place. CVE-2018-4146: found by OSS-Fuzz
WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit We would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.7.4"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.4"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "webkitgtk\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.20.4"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.4 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.3 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.3 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.3 (ipod touch first 6 generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.7.4 ( target os : windows 7 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (macos high sierra 10.13.4)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (macos sierra 10.12.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (os x el capitan 10.11.6)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.3 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.3 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "4.3 (apple watch all models )"
},
{
"model": "safari",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.1.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.4.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.3.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.3.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-149"
},
{
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.20.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WanderingGlitch - Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-275"
}
],
"trust": 0.7
},
"cve": "CVE-2018-4162",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4162",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-134193",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4162",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4162",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2018-4162",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-149",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134193",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-4162",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"db": "VULHUB",
"id": "VHN-134193"
},
{
"db": "VULMON",
"id": "CVE-2018-4162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-149"
},
{
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of comparison operators in JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201808-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: August 22, 2018\n Bugs: #652820, #658168, #662974\n ID: 201808-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich may lead to arbitrary code execution. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.20.4 \u003e= 2.20.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.20.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-11646\n https://nvd.nist.gov/vuln/detail/CVE-2018-11646\n[ 2 ] CVE-2018-11712\n https://nvd.nist.gov/vuln/detail/CVE-2018-11712\n[ 3 ] CVE-2018-11713\n https://nvd.nist.gov/vuln/detail/CVE-2018-11713\n[ 4 ] CVE-2018-12293\n https://nvd.nist.gov/vuln/detail/CVE-2018-12293\n[ 5 ] CVE-2018-12294\n https://nvd.nist.gov/vuln/detail/CVE-2018-12294\n[ 6 ] CVE-2018-4101\n https://nvd.nist.gov/vuln/detail/CVE-2018-4101\n[ 7 ] CVE-2018-4113\n https://nvd.nist.gov/vuln/detail/CVE-2018-4113\n[ 8 ] CVE-2018-4114\n https://nvd.nist.gov/vuln/detail/CVE-2018-4114\n[ 9 ] CVE-2018-4117\n https://nvd.nist.gov/vuln/detail/CVE-2018-4117\n[ 10 ] CVE-2018-4118\n https://nvd.nist.gov/vuln/detail/CVE-2018-4118\n[ 11 ] CVE-2018-4119\n https://nvd.nist.gov/vuln/detail/CVE-2018-4119\n[ 12 ] CVE-2018-4120\n https://nvd.nist.gov/vuln/detail/CVE-2018-4120\n[ 13 ] CVE-2018-4121\n https://nvd.nist.gov/vuln/detail/CVE-2018-4121\n[ 14 ] CVE-2018-4122\n https://nvd.nist.gov/vuln/detail/CVE-2018-4122\n[ 15 ] CVE-2018-4125\n https://nvd.nist.gov/vuln/detail/CVE-2018-4125\n[ 16 ] CVE-2018-4127\n https://nvd.nist.gov/vuln/detail/CVE-2018-4127\n[ 17 ] CVE-2018-4128\n https://nvd.nist.gov/vuln/detail/CVE-2018-4128\n[ 18 ] CVE-2018-4129\n https://nvd.nist.gov/vuln/detail/CVE-2018-4129\n[ 19 ] CVE-2018-4133\n https://nvd.nist.gov/vuln/detail/CVE-2018-4133\n[ 20 ] CVE-2018-4146\n https://nvd.nist.gov/vuln/detail/CVE-2018-4146\n[ 21 ] CVE-2018-4162\n https://nvd.nist.gov/vuln/detail/CVE-2018-4162\n[ 22 ] CVE-2018-4163\n https://nvd.nist.gov/vuln/detail/CVE-2018-4163\n[ 23 ] CVE-2018-4165\n https://nvd.nist.gov/vuln/detail/CVE-2018-4165\n[ 24 ] CVE-2018-4190\n https://nvd.nist.gov/vuln/detail/CVE-2018-4190\n[ 25 ] CVE-2018-4192\n https://nvd.nist.gov/vuln/detail/CVE-2018-4192\n[ 26 ] CVE-2018-4199\n https://nvd.nist.gov/vuln/detail/CVE-2018-4199\n[ 27 ] CVE-2018-4200\n https://nvd.nist.gov/vuln/detail/CVE-2018-4200\n[ 28 ] CVE-2018-4201\n https://nvd.nist.gov/vuln/detail/CVE-2018-4201\n[ 29 ] CVE-2018-4204\n https://nvd.nist.gov/vuln/detail/CVE-2018-4204\n[ 30 ] CVE-2018-4214\n https://nvd.nist.gov/vuln/detail/CVE-2018-4214\n[ 31 ] CVE-2018-4218\n https://nvd.nist.gov/vuln/detail/CVE-2018-4218\n[ 32 ] CVE-2018-4222\n https://nvd.nist.gov/vuln/detail/CVE-2018-4222\n[ 33 ] CVE-2018-4232\n https://nvd.nist.gov/vuln/detail/CVE-2018-4232\n[ 34 ] CVE-2018-4233\n https://nvd.nist.gov/vuln/detail/CVE-2018-4233\n[ 35 ] CVE-2018-4261\n https://nvd.nist.gov/vuln/detail/CVE-2018-4261\n[ 36 ] CVE-2018-4262\n https://nvd.nist.gov/vuln/detail/CVE-2018-4262\n[ 37 ] CVE-2018-4263\n https://nvd.nist.gov/vuln/detail/CVE-2018-4263\n[ 38 ] CVE-2018-4264\n https://nvd.nist.gov/vuln/detail/CVE-2018-4264\n[ 39 ] CVE-2018-4265\n https://nvd.nist.gov/vuln/detail/CVE-2018-4265\n[ 40 ] CVE-2018-4266\n https://nvd.nist.gov/vuln/detail/CVE-2018-4266\n[ 41 ] CVE-2018-4267\n https://nvd.nist.gov/vuln/detail/CVE-2018-4267\n[ 42 ] CVE-2018-4270\n https://nvd.nist.gov/vuln/detail/CVE-2018-4270\n[ 43 ] CVE-2018-4272\n https://nvd.nist.gov/vuln/detail/CVE-2018-4272\n[ 44 ] CVE-2018-4273\n https://nvd.nist.gov/vuln/detail/CVE-2018-4273\n[ 45 ] CVE-2018-4278\n https://nvd.nist.gov/vuln/detail/CVE-2018-4278\n[ 46 ] CVE-2018-4284\n https://nvd.nist.gov/vuln/detail/CVE-2018-4284\n[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003\n https://webkitgtk.org/security/WSA-2018-0003.html\n[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004\n https://webkitgtk.org/security/WSA-2018-0004.html\n[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005\n https://webkitgtk.org/security/WSA-2018-0005.html\n[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006\n https://webkitgtk.org/security/WSA-2018-0006.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201808-04\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2018-0003\n------------------------------------------------------------------------\n\nDate reported : April 04, 2018\nAdvisory ID : WSA-2018-0003\nAdvisory URL : https://webkitgtk.org/security/WSA-2018-0003.html\nCVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,\n CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,\n CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,\n CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,\n CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,\n CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to OSS-Fuzz. \n Impact: Unexpected interaction with indexing types causing an ASSERT\n failure. Description: An array indexing issue existed in the\n handling of a function in JavaScriptCore. This issue was addressed\n through improved checks. \n Credit to OSS-Fuzz. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to an anonymous researcher. \n Impact: A malicious website may exfiltrate data cross-origin. \n Description: A cross-origin issue existed with the fetch API. This\n was addressed through improved input validation. \n Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to an anonymous researcher working with Trend Microys Zero\n Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to WanderingGlitch of Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to WanderingGlitch of Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to an anonymous researcher working with Trend Microys Zero\n Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Zach Markley. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to likemeng of Baidu Security Lab working with Trend Micro\u0027s\n Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify\n (detectify.com), Yuji Tounai of NTT Communications Corporation. \n Impact: Visiting a maliciously crafted website may lead to a cross-\n site scripting attack. This issue was addressed with improved URL\n validation. \n Credit to OSS-Fuzz. \n Impact: Processing maliciously crafted web content may lead to a\n denial of service. Description: A memory corruption issue was\n addressed through improved input validation. \n Credit to WanderingGlitch of Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to WanderingGlitch of Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to WanderingGlitch of Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nApril 04, 2018\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2018-3-29-2 watchOS 4.3\n\nwatchOS 4.3 is now available and addresses the following:\n\nCoreFoundation\nAvailable for: All Apple Watch models\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nFile System Events\nAvailable for: All Apple Watch models\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4104: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4143: derrek (@derrekr6)\n\nNSURLSession\nAvailable for: All Apple Watch models\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4166: Samuel GroA (@5aelo)\n\nQuick Look\nAvailable for: All Apple Watch models\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4157: Samuel GroA (@5aelo)\n\nSecurity\nAvailable for: All Apple Watch models\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\nSystem Preferences\nAvailable for: All Apple Watch models\nImpact: A configuration profile may incorrectly remain in effect\nafter removal\nDescription: An issue existed in CFPreferences. \nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//\nQhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY\nv4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7\n43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry\nXnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn\n/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP\nQa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U\nTMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z\nec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw\n+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU\njGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i\nARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=\n=FEXo\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3635-1\nApril 30, 2018\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1\n libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1\n\nUbuntu 16.04 LTS:\n libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1\n libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3635-1\n CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,\n CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,\n CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,\n CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,\n CVE-2018-4163, CVE-2018-4165\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1\n\n. \nCVE-2018-4102: Kai Zhao of 3H security team\nCVE-2018-4116: @littlelailo, xisigr of Tencent\u0027s Xuanwu Lab\n(tencent.com)\n\nSafari Login AutoFill\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.4\nImpact: A malicious website may be able to exfiltrate autofilled data\nin Safari without explicit user interaction. \nDescription: Safari autofill did not require explicit user\ninteraction before taking place. \nCVE-2018-4146: found by OSS-Fuzz\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.4\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-origin issue existed with the fetch API. \nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\nAdditional recognition\n\nWebKit\nWe would like to acknowledge Johnny Nipper of Tinder Security Team\nfor their assistance. \n\nInstallation note:\n\nSafari 11.1 may be obtained from the Mac App Store",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"db": "VULHUB",
"id": "VHN-134193"
},
{
"db": "VULMON",
"id": "CVE-2018-4162"
},
{
"db": "PACKETSTORM",
"id": "149059"
},
{
"db": "PACKETSTORM",
"id": "147241"
},
{
"db": "PACKETSTORM",
"id": "146965"
},
{
"db": "PACKETSTORM",
"id": "147433"
},
{
"db": "PACKETSTORM",
"id": "146966"
},
{
"db": "PACKETSTORM",
"id": "146969"
},
{
"db": "PACKETSTORM",
"id": "146970"
},
{
"db": "PACKETSTORM",
"id": "146971"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134193",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134193"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4162",
"trust": 4.1
},
{
"db": "SECTRACK",
"id": "1040604",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "158874",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU92378299",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5604",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-275",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201804-149",
"trust": 0.7
},
{
"db": "CXSECURITY",
"id": "WLB-2020080074",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134193",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-4162",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149059",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147241",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147433",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146969",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146970",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146971",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"db": "VULHUB",
"id": "VHN-134193"
},
{
"db": "VULMON",
"id": "CVE-2018-4162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"db": "PACKETSTORM",
"id": "149059"
},
{
"db": "PACKETSTORM",
"id": "147241"
},
{
"db": "PACKETSTORM",
"id": "146965"
},
{
"db": "PACKETSTORM",
"id": "147433"
},
{
"db": "PACKETSTORM",
"id": "146966"
},
{
"db": "PACKETSTORM",
"id": "146969"
},
{
"db": "PACKETSTORM",
"id": "146970"
},
{
"db": "PACKETSTORM",
"id": "146971"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-149"
},
{
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"id": "VAR-201804-1162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134193"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:19:50.233000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT208697",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208697"
},
{
"title": "HT208698",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208698"
},
{
"title": "HT208693",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208693"
},
{
"title": "HT208694",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208694"
},
{
"title": "HT208695",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208695"
},
{
"title": "HT208696",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208696"
},
{
"title": "HT208693",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208693"
},
{
"title": "HT208694",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208694"
},
{
"title": "HT208695",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208695"
},
{
"title": "HT208696",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208696"
},
{
"title": "HT208697",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208697"
},
{
"title": "HT208698",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208698"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://support.apple.com/kb/ht201222"
},
{
"title": "Multiple Apple product WebKit Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83001"
},
{
"title": "Apple: Safari 11.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ee3f60ca20e25abaeeaa2929b7de559a"
},
{
"title": "Apple: watchOS 4.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0c9672f464c8ecdde98d280637ecb1c5"
},
{
"title": "Apple: iCloud for Windows 7.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3c324dcae1b032626ce2245c5900fb36"
},
{
"title": "Ubuntu Security Notice: webkit2gtk vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3635-1"
},
{
"title": "Apple: iTunes 12.7.4 for Windows",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=1b3706ef4ba6948ac20ebbbcffe7bc29"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2196fa008592287290cbd6678fbe10d4"
},
{
"title": "Apple: tvOS 11.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0eeec7064403af3bc921bd387f797adc"
},
{
"title": "Apple: iOS 11.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=66db9acd354635a683838e3cd9bc2d76"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"db": "VULMON",
"id": "CVE-2018-4162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-149"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134193"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"trust": 1.9,
"url": "http://packetstormsecurity.com/files/158874/safari-webkit-for-ios-7.1.2-jit-optimization-bug.html"
},
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/3635-1/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208693"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208694"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208695"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208696"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208697"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208698"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1040604"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4162"
},
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4162"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92378299/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4114"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4163"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4125"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4113"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4122"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4146"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4129"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4101"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4120"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4127"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4165"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4128"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4118"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4117"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4119"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4161"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4121"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020080074"
},
{
"trust": 0.5,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4133"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4144"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4130"
},
{
"trust": 0.2,
"url": "https://webkitgtk.org/security/wsa-2018-0003.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4143"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4142"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4115"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4104"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4150"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4167"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4157"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht208695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4265"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2018-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4261"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11713"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4263"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11646"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4262"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4273"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2018-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4272"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4278"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2018-0005.html"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4158"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3635-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4102"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4137"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204283"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"db": "VULHUB",
"id": "VHN-134193"
},
{
"db": "VULMON",
"id": "CVE-2018-4162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"db": "PACKETSTORM",
"id": "149059"
},
{
"db": "PACKETSTORM",
"id": "147241"
},
{
"db": "PACKETSTORM",
"id": "146965"
},
{
"db": "PACKETSTORM",
"id": "147433"
},
{
"db": "PACKETSTORM",
"id": "146966"
},
{
"db": "PACKETSTORM",
"id": "146969"
},
{
"db": "PACKETSTORM",
"id": "146970"
},
{
"db": "PACKETSTORM",
"id": "146971"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-149"
},
{
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"db": "VULHUB",
"id": "VHN-134193"
},
{
"db": "VULMON",
"id": "CVE-2018-4162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"db": "PACKETSTORM",
"id": "149059"
},
{
"db": "PACKETSTORM",
"id": "147241"
},
{
"db": "PACKETSTORM",
"id": "146965"
},
{
"db": "PACKETSTORM",
"id": "147433"
},
{
"db": "PACKETSTORM",
"id": "146966"
},
{
"db": "PACKETSTORM",
"id": "146969"
},
{
"db": "PACKETSTORM",
"id": "146970"
},
{
"db": "PACKETSTORM",
"id": "146971"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-149"
},
{
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-06T00:00:00",
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"date": "2018-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134193"
},
{
"date": "2018-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4162"
},
{
"date": "2018-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"date": "2018-08-23T18:40:24",
"db": "PACKETSTORM",
"id": "149059"
},
{
"date": "2018-04-18T13:33:33",
"db": "PACKETSTORM",
"id": "147241"
},
{
"date": "2018-03-30T15:52:32",
"db": "PACKETSTORM",
"id": "146965"
},
{
"date": "2018-05-02T04:32:41",
"db": "PACKETSTORM",
"id": "147433"
},
{
"date": "2018-03-30T15:52:53",
"db": "PACKETSTORM",
"id": "146966"
},
{
"date": "2018-03-30T15:55:24",
"db": "PACKETSTORM",
"id": "146969"
},
{
"date": "2018-03-30T15:55:41",
"db": "PACKETSTORM",
"id": "146970"
},
{
"date": "2018-03-30T15:56:03",
"db": "PACKETSTORM",
"id": "146971"
},
{
"date": "2018-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-149"
},
{
"date": "2018-04-03T06:29:07.467000",
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-06T00:00:00",
"db": "ZDI",
"id": "ZDI-18-275"
},
{
"date": "2020-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-134193"
},
{
"date": "2020-08-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4162"
},
{
"date": "2018-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003687"
},
{
"date": "2020-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-149"
},
{
"date": "2020-08-14T23:15:12.293000",
"db": "NVD",
"id": "CVE-2018-4162"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "147433"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-149"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003687"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-149"
}
],
"trust": 0.6
}
}
VAR-201912-0592
Vulnerability from variot - Updated: 2024-07-23 22:19An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges. Apple From iCloud for Windows An update for has been released.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Privilege escalation * information leak. plural Apple The product contains an input validation vulnerability due to a flaw in memory handling.You may be able to elevate privileges through the application. SQLite is prone to the following security vulnerabilities. 1. Multiple privilege-escalation vulnerabilities 2. A memory corruption vulnerability 3. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; versions earlier than watchOS 5.2.1.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-5-13-1 iOS 12.3
iOS 12.3 is now available and addresses the following:
AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931)
Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research
CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero
Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida
Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero
Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero
MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931)
MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931)
Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research
Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan
StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931)
sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt
Additional recognition
Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance.
MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance.
MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Safari We would like to acknowledge Ben Guild (@benguild) for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 12.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0592",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "icloud",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.9.5"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.4"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1.1"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.12"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 10.4 earlier"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.14.4"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 10.4 (windows 10 18362.145 or later )"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.12 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (ipod touch first 6 generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.9.5 (windows 7 or later )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (apple tv hd)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.2.1 (apple watch series 1 or later )"
},
{
"model": "sqlite",
"scope": "eq",
"trust": 0.3,
"vendor": "sqlite",
"version": "0"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "80"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "10"
},
{
"model": "esignal",
"scope": "eq",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.9.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.9.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.6.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.0.163"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.9"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.11"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.10"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.9.5"
},
{
"model": "icloud",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.12"
}
],
"sources": [
{
"db": "BID",
"id": "108491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "7.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "10.4",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "12.9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "153117"
}
],
"trust": 0.6
},
"cve": "CVE-2019-8577",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-8577",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-005041",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-160012",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-005041",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-8577",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-8577",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2019-005041",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-511",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160012",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-8577",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160012"
},
{
"db": "VULMON",
"id": "CVE-2019-8577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-511"
},
{
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges. Apple From iCloud for Windows An update for has been released.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Privilege escalation * information leak. plural Apple The product contains an input validation vulnerability due to a flaw in memory handling.You may be able to elevate privileges through the application. SQLite is prone to the following security vulnerabilities. \n1. Multiple privilege-escalation vulnerabilities\n2. A memory corruption vulnerability\n3. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; versions earlier than watchOS 5.2.1. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-5-13-1 iOS 12.3\n\niOS 12.3 is now available and addresses the following:\n\nAppleFileConduit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8593: Dany Lisiansky (@DanyL931)\n\nContacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8598: Omer Gull of Checkpoint Research\n\nCoreAudio\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted movie file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8585: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nDisk Images\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological\nUniversity\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8605: Ned Williamson working with Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and\nHanul Choi of LINE Security Team\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-8591: Ned Williamson working with Google Project Zero\n\nLock Screen\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nsee the email address used for iTunes\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8599: Jeremy Pe\u00f1a-Lopez (aka Radio) of the University of\nNorth Florida\n\nMail\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8626: Natalie Silvanovich of Google Project Zero\n\nMail Message Framework\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8613: Natalie Silvanovich of Google Project Zero\n\nMobileInstallation\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2019-8568: Dany Lisiansky (@DanyL931)\n\nMobileLockdown\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to gain root privileges\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8637: Dany Lisiansky (@DanyL931)\n\nPhotos Storage\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8617: an anonymous researcher\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to gain elevated privileges\nDescription: An input validation issue was addressed with improved\nmemory handling. \nCVE-2019-8577: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8600: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8598: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2019-8602: Omer Gull of Checkpoint Research\n\nStatus Bar\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: The lock screen may show a locked icon after unlocking\nDescription: The issue was addressed with improved UI handling. \nCVE-2019-8630: Jon M. Morlan\n\nStreamingZip\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2019-8568: Dany Lisiansky (@DanyL931)\n\nsysdiagnose\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-6237: G. Geshev working with Trend Micro Zero Day\nInitiative, Liu Long of Qihoo 360 Vulcan Team\nCVE-2019-8571: 01 working with Trend Micro\u0027s Zero Day Initiative\nCVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_)\nof Tencent Keen Lab, and dwfault working at ADLab of Venustech\nCVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero\nDay Initiative\nCVE-2019-8586: an anonymous researcher\nCVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security \u0026\nPrivacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab\nCVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero\nDay Initiative\nCVE-2019-8596: Wen Xu of SSLab at Georgia Tech\nCVE-2019-8597: 01 working with Trend Micro Zero Day Initiative\nCVE-2019-8601: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8609: Wen Xu of SSLab, Georgia Tech\nCVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative\nCVE-2019-8611: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2019-8619: Wen Xu of SSLab at Georgia Tech and\nHanqing Zhao of Chaitin Security Research Lab\nCVE-2019-8622: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8623: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8628: Wen Xu of SSLab at Georgia Tech and\nHanqing Zhao of Chaitin Security Research Lab\n\nWi-Fi\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A device may be passively tracked by its WiFi MAC address\nDescription: A user privacy issue was addressed by removing the\nbroadcast MAC address. \nCVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile\nNetworking Lab at Technische Universit\u00e4t Darmstadt\n\nAdditional recognition\n\nClang\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nCoreFoundation\nWe would like to acknowledge Vozzie and Rami and m4bln, Xiangqian\nZhang, Huiming Liu of Tencent\u0027s Xuanwu Lab for their assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero and\nan anonymous researcher for their assistance. \n\nMediaLibrary\nWe would like to acknowledge Angel Ramirez and Min (Spark) Zheng,\nXiaolong Bai of Alibaba Inc. for their assistance. \n\nMobileInstallation\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nSafari\nWe would like to acknowledge Ben Guild (@benguild) for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 12.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA\nhLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT\nY0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O\nz6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW\nctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK\nV5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK\ngwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g\n4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn\nQPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI\nOoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB\nuS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ\ncB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64=\n=fsAj\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"db": "BID",
"id": "108491"
},
{
"db": "VULHUB",
"id": "VHN-160012"
},
{
"db": "VULMON",
"id": "CVE-2019-8577"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "153117"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8577",
"trust": 3.5
},
{
"db": "JVN",
"id": "JVNVU95342995",
"trust": 1.6
},
{
"db": "BID",
"id": "108491",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005041",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98453159",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93988385",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-511",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152847",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "153117",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1697",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1922",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160012",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-8577",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152846",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153116",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152845",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152844",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160012"
},
{
"db": "VULMON",
"id": "CVE-2019-8577"
},
{
"db": "BID",
"id": "108491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "153117"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-511"
},
{
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"id": "VAR-201912-0592",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160012"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:19:49.641000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the security content of iCloud for Windows 10.4",
"trust": 1.6,
"url": "https://support.apple.com/en-us/ht210212"
},
{
"title": "HT210118",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210118"
},
{
"title": "HT210119",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210119"
},
{
"title": "HT210120",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210120"
},
{
"title": "HT210124",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210124"
},
{
"title": "HT210122",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210122"
},
{
"title": "HT210125",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210125"
},
{
"title": "HT210118",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210118"
},
{
"title": "HT210119",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210119"
},
{
"title": "HT210120",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210120"
},
{
"title": "HT210124",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210124"
},
{
"title": "HT210125",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210125"
},
{
"title": "HT210212",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210212"
},
{
"title": "HT210122",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210122"
},
{
"title": "Multiple Apple product SQLite Fixes for component input validation error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92667"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/08/10/memory_corruption_sqlite/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/sqlite-exploits-iphone-hack/147203/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-8577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-511"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8577"
},
{
"trust": 1.8,
"url": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210118"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210119"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210120"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210122"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210124"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210125"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210212"
},
{
"trust": 0.9,
"url": "https://www.sqlite.org/"
},
{
"trust": 0.9,
"url": "https://lists.apple.com/archives/security-announce/2019/may/msg00007.html"
},
{
"trust": 0.9,
"url": "https://lists.apple.com/archives/security-announce/2019/may/msg00006.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95342995"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8577"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93988385/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98453159/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95342995/index.html"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108491"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8598"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8601"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8583"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8602"
},
{
"trust": 0.6,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8600"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210122"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht210125"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153117/apple-security-advisory-2019-5-28-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80842"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210125"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210124"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1922/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152847/apple-security-advisory-2019-5-13-4.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8607"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8587"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8595"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8584"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8596"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8586"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8597"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8571"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8594"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8560"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8576"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8591"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8585"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8568"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8574"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8610"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8608"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8609"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8623"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8605"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8593"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8622"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8611"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8628"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/sqlite-exploits-iphone-hack/147203/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8637"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8592"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8590"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4456"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8599"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160012"
},
{
"db": "VULMON",
"id": "CVE-2019-8577"
},
{
"db": "BID",
"id": "108491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "153117"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-511"
},
{
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160012"
},
{
"db": "VULMON",
"id": "CVE-2019-8577"
},
{
"db": "BID",
"id": "108491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "153117"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-511"
},
{
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160012"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8577"
},
{
"date": "2019-05-28T00:00:00",
"db": "BID",
"id": "108491"
},
{
"date": "2019-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"date": "2020-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"date": "2019-05-14T00:29:10",
"db": "PACKETSTORM",
"id": "152847"
},
{
"date": "2019-05-14T00:28:51",
"db": "PACKETSTORM",
"id": "152846"
},
{
"date": "2019-05-29T13:23:53",
"db": "PACKETSTORM",
"id": "153116"
},
{
"date": "2019-05-14T00:28:29",
"db": "PACKETSTORM",
"id": "152845"
},
{
"date": "2019-05-14T00:27:53",
"db": "PACKETSTORM",
"id": "152844"
},
{
"date": "2019-05-29T13:24:19",
"db": "PACKETSTORM",
"id": "153117"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-511"
},
{
"date": "2019-12-18T18:15:27.067000",
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-160012"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8577"
},
{
"date": "2019-05-28T00:00:00",
"db": "BID",
"id": "108491"
},
{
"date": "2019-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005041"
},
{
"date": "2020-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013426"
},
{
"date": "2021-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-511"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-8577"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-511"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iCloud for Windows Updates for vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005041"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "153117"
}
],
"trust": 0.6
}
}
VAR-201711-0476
Vulnerability from variot - Updated: 2024-07-23 22:19An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.1; Safari prior to 11.0.1; Windows-based iCloud prior to 7.1; Windows-based iTunes prior to 12.7.1; tvOS prior to 11.1. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0009
Date reported : November 10, 2017 Advisory ID : WSA-2017-0009 Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803.
Several vulnerabilities were discovered in WebKitGTK+. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to xisigr of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanul Choi working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html
The WebKitGTK+ team, November 10, 2017
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201712-01
https://security.gentoo.org/
Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: December 14, 2017 Bugs: #637076 ID: 201712-01
Synopsis
Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.18.3 >= 2.18.3
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
Workaround
There are no known workarounds at this time.
Resolution
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.3"
References
[ 1 ] CVE-2017-13783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783 [ 2 ] CVE-2017-13784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784 [ 3 ] CVE-2017-13785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785 [ 4 ] CVE-2017-13788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788 [ 5 ] CVE-2017-13791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791 [ 6 ] CVE-2017-13792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792 [ 7 ] CVE-2017-13793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793 [ 8 ] CVE-2017-13794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794 [ 9 ] CVE-2017-13795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795 [ 10 ] CVE-2017-13796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796 [ 11 ] CVE-2017-13798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798 [ 12 ] CVE-2017-13802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802 [ 13 ] CVE-2017-13803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201712-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Ubuntu Security Notice USN-3481-1 November 16, 2017
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.10.1
Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.04.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.04.1
Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3481-1 CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1
--cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ--
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-10-31-1 iOS 11.1
iOS 11.1 is now available and addresses the following:
CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to an unexpected application termination Description: A denial of service issue was addressed through improved memory handling. CVE-2017-13849: Ro of SavSec
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13799: an anonymous researcher
Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. CVE-2017-13844: Miguel Alvarado of iDeviceHelp INC
Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2017-13805: Yiğit Can YILMAZ (@yilmazcanyigit)
StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious zip file may be able modify restricted areas of the file system Description: A path handling issue was addressed with improved validation. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.
UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Characters in a secure text field might be revealed Description: The characters in a secure text field were revealed during focus change events. This issue was addressed through improved state management. CVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of Tech Mahindra, Ricardo Sampayo of Bemo Ltd
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7opHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbQiw// bEkSQWlXTfpJ/9F2VKbMv+++td8sXozC3ICj9Ho+zhctxNY3MvIqXY8B4MrWB5+e wgz1X/EQSCMItE2u20uISfApls/8/pBde6kKnca9rPGr7I2BKsuHTfCT3taSkhoj EWMHEb64Se0hSiWKj99HJ80It9bDGSHz1cofpYDCNSMFBCiGWF2EbMgxUa55T5Vx BtWZ91y2oU6gTsu4ZSR5NXG+Hi/vFYDnAFSr2/5Dgud4fl0tYk1KZ725g2YvXT7S E3qV6shwcQtpf5ixm4G2cYalfiAmkYYjA/q2sgLClHDVXaPzahTS9ScMygKo4BsZ RDboCM0q0ywPl+xnNJFuq2ZpZAfMefuXpcjTSxBDoNXliphzH2YOjk5YtHV47S+x E8+b/bGDvBiKXJFo+yotJ07er0XtFPxfJKwgaYAi8VAfEXZrIv0uDQfYIZieMIRz VznZvlaKXpA1Ms3R3rY2ukI9gdyPD0wk7r8zAGD0eTdl8E0bMI89UaSMWqDGf1Jm 9AWKOB7na2ElWNHeEMUAhReOL4jHqu/FLkRuoYVAiYKYUDWJGDlD79Yz8bTqnwtu AWHqstzzcUVg1HXcwR5ngUDGFFOU2vVkqZRK6uwzCRzd/a7QQ/Lu+86GkfxPUB+p 9rtwIDGcTg0795ylrx8NLY/3BD8xcBMhfcZbpX5TF8s= =qJV/ -----END PGP SIGNATURE-----
Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0476",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "webkit",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.7.1"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (ipod touch first 6 generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.7.1 (windows 7 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.0.1 (macos high sierra 10.13)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.0.1 (macos sierra 10.12.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.0.1 (os x el capitan 10.11.6)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (apple tv first 4 generation )"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-101"
},
{
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "144860"
}
],
"trust": 0.5
},
"cve": "CVE-2017-13788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-13788",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-104445",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-13788",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13788",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-101",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-104445",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104445"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-101"
},
{
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.1; Safari prior to 11.0.1; Windows-based iCloud prior to 7.1; Windows-based iTunes prior to 12.7.1; tvOS prior to 11.1. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2017-0009\n------------------------------------------------------------------------\n\nDate reported : November 10, 2017\nAdvisory ID : WSA-2017-0009\nAdvisory URL : https://webkitgtk.org/security/WSA-2017-0009.html\nCVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785,\n CVE-2017-13788, CVE-2017-13791, CVE-2017-13792,\n CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,\n CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,\n CVE-2017-13803. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to xisigr of Tencent\u0027s Xuanwu Lab (tencent.com). Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Hanul Choi working with Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nNovember 10, 2017\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201712-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebKitGTK+: Multiple vulnerabilities\n Date: December 14, 2017\n Bugs: #637076\n ID: 201712-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+, the worst\nof which may lead to arbitrary code execution. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.18.3 \u003e= 2.18.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.18.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-13783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783\n[ 2 ] CVE-2017-13784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784\n[ 3 ] CVE-2017-13785\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785\n[ 4 ] CVE-2017-13788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788\n[ 5 ] CVE-2017-13791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791\n[ 6 ] CVE-2017-13792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792\n[ 7 ] CVE-2017-13793\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793\n[ 8 ] CVE-2017-13794\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794\n[ 9 ] CVE-2017-13795\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795\n[ 10 ] CVE-2017-13796\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796\n[ 11 ] CVE-2017-13798\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798\n[ 12 ] CVE-2017-13802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802\n[ 13 ] CVE-2017-13803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201712-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n===========================================================================\nUbuntu Security Notice USN-3481-1\nNovember 16, 2017\n\nwebkit2gtk vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.10.1\n libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.10.1\n\nUbuntu 17.04:\n libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.04.1\n libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.04.1\n\nUbuntu 16.04 LTS:\n libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1\n libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n https://www.ubuntu.com/usn/usn-3481-1\n CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788,\n CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794,\n CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,\n CVE-2017-13803\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1\n\n\n\n--cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ--\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-10-31-1 iOS 11.1\n\niOS 11.1 is now available and addresses the following:\n\nCoreText\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted text file may lead to an\nunexpected application termination\nDescription: A denial of service issue was addressed through improved\nmemory handling. \nCVE-2017-13849: Ro of SavSec\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13799: an anonymous researcher\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: A lock screen issue allowed access to photos via Reply\nWith Message on a locked device. This issue was addressed with\nimproved state management. \nCVE-2017-13844: Miguel Alvarado of iDeviceHelp INC\n\nSiri\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nuse Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription: An issue existed with Siri permissions. This was\naddressed with improved permission checking. \nCVE-2017-13805: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nStreamingZip\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious zip file may be able modify restricted areas of\nthe file system\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. \n\nUIKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Characters in a secure text field might be revealed\nDescription: The characters in a secure text field were revealed\nduring focus change events. This issue was addressed through improved\nstate management. \nCVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of\nTech Mahindra, Ricardo Sampayo of Bemo Ltd\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. This was addressed with improved state management. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7opHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbQiw//\nbEkSQWlXTfpJ/9F2VKbMv+++td8sXozC3ICj9Ho+zhctxNY3MvIqXY8B4MrWB5+e\nwgz1X/EQSCMItE2u20uISfApls/8/pBde6kKnca9rPGr7I2BKsuHTfCT3taSkhoj\nEWMHEb64Se0hSiWKj99HJ80It9bDGSHz1cofpYDCNSMFBCiGWF2EbMgxUa55T5Vx\nBtWZ91y2oU6gTsu4ZSR5NXG+Hi/vFYDnAFSr2/5Dgud4fl0tYk1KZ725g2YvXT7S\nE3qV6shwcQtpf5ixm4G2cYalfiAmkYYjA/q2sgLClHDVXaPzahTS9ScMygKo4BsZ\nRDboCM0q0ywPl+xnNJFuq2ZpZAfMefuXpcjTSxBDoNXliphzH2YOjk5YtHV47S+x\nE8+b/bGDvBiKXJFo+yotJ07er0XtFPxfJKwgaYAi8VAfEXZrIv0uDQfYIZieMIRz\nVznZvlaKXpA1Ms3R3rY2ukI9gdyPD0wk7r8zAGD0eTdl8E0bMI89UaSMWqDGf1Jm\n9AWKOB7na2ElWNHeEMUAhReOL4jHqu/FLkRuoYVAiYKYUDWJGDlD79Yz8bTqnwtu\nAWHqstzzcUVg1HXcwR5ngUDGFFOU2vVkqZRK6uwzCRzd/a7QQ/Lu+86GkfxPUB+p\n9rtwIDGcTg0795ylrx8NLY/3BD8xcBMhfcZbpX5TF8s=\n=qJV/\n-----END PGP SIGNATURE-----\n\n\n_______________________________________________\nSent through the Full Disclosure mailing list\nhttps://nmap.org/mailman/listinfo/fulldisclosure\nWeb Archives \u0026 RSS: http://seclists.org/fulldisclosure/",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13788"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"db": "VULHUB",
"id": "VHN-104445"
},
{
"db": "PACKETSTORM",
"id": "144947"
},
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "145415"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "PACKETSTORM",
"id": "144860"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13788",
"trust": 3.3
},
{
"db": "SECTRACK",
"id": "1039703",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU99000953",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010348",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-101",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-104445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144947",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144861",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144828",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145415",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144830",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144831",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145014",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144860",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104445"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"db": "PACKETSTORM",
"id": "144947"
},
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "145415"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "PACKETSTORM",
"id": "144860"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-101"
},
{
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"id": "VAR-201711-0476",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-104445"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:19:18.201000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT208223",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208223"
},
{
"title": "HT208224",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208224"
},
{
"title": "HT208225",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208225"
},
{
"title": "HT208219",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208219"
},
{
"title": "HT208222",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208222"
},
{
"title": "HT208219",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208219"
},
{
"title": "HT208222",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208222"
},
{
"title": "HT208223",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208223"
},
{
"title": "HT208224",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208224"
},
{
"title": "HT208225",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208225"
},
{
"title": "Multiple Apple product WebKit Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90666"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104445"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201712-01"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208219"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208222"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208223"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208224"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208225"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039703"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13788"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13788"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99000953/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13795"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13785"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13798"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13802"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13784"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13796"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13791"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13803"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13792"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13794"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13793"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13783"
},
{
"trust": 0.5,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.5,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13799"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13804"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2017-0009.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13790"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13788"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13795"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13796"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13803"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13798"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13794"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13785"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13792"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13793"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13783"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13784"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13802"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3481-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13844"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nmap.org/mailman/listinfo/fulldisclosure"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13805"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104445"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"db": "PACKETSTORM",
"id": "144947"
},
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "145415"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "PACKETSTORM",
"id": "144860"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-101"
},
{
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-104445"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"db": "PACKETSTORM",
"id": "144947"
},
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "145415"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "PACKETSTORM",
"id": "144860"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-101"
},
{
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-104445"
},
{
"date": "2017-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"date": "2017-11-10T20:22:22",
"db": "PACKETSTORM",
"id": "144947"
},
{
"date": "2017-11-02T23:34:42",
"db": "PACKETSTORM",
"id": "144861"
},
{
"date": "2017-11-01T15:44:40",
"db": "PACKETSTORM",
"id": "144828"
},
{
"date": "2017-12-14T22:34:00",
"db": "PACKETSTORM",
"id": "145415"
},
{
"date": "2017-11-01T15:48:24",
"db": "PACKETSTORM",
"id": "144830"
},
{
"date": "2017-11-01T15:50:11",
"db": "PACKETSTORM",
"id": "144831"
},
{
"date": "2017-11-17T00:10:06",
"db": "PACKETSTORM",
"id": "145014"
},
{
"date": "2017-11-02T23:31:30",
"db": "PACKETSTORM",
"id": "144860"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-101"
},
{
"date": "2017-11-13T03:29:00.443000",
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-104445"
},
{
"date": "2017-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010348"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-101"
},
{
"date": "2019-03-22T19:13:09.413000",
"db": "NVD",
"id": "CVE-2017-13788"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-101"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-101"
}
],
"trust": 0.6
}
}
VAR-202006-1653
Vulnerability from variot - Updated: 2024-07-23 22:19A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. An attacker can exploit this vulnerability by using a specially crafted URL to execute scripts in the user's browser. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-11
https://security.gentoo.org/
Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: July 26, 2020 Bugs: #732104 ID: 202007-11
Synopsis
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.28.3 >= 2.28.3
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.28.3"
References
[ 1 ] CVE-2020-13753 https://nvd.nist.gov/vuln/detail/CVE-2020-13753 [ 2 ] CVE-2020-9802 https://nvd.nist.gov/vuln/detail/CVE-2020-9802 [ 3 ] CVE-2020-9803 https://nvd.nist.gov/vuln/detail/CVE-2020-9803 [ 4 ] CVE-2020-9805 https://nvd.nist.gov/vuln/detail/CVE-2020-9805 [ 5 ] CVE-2020-9806 https://nvd.nist.gov/vuln/detail/CVE-2020-9806 [ 6 ] CVE-2020-9807 https://nvd.nist.gov/vuln/detail/CVE-2020-9807 [ 7 ] CVE-2020-9843 https://nvd.nist.gov/vuln/detail/CVE-2020-9843 [ 8 ] CVE-2020-9850 https://nvd.nist.gov/vuln/detail/CVE-2020-9850
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5
iOS 13.5 and iPadOS 13.5 address the following:
Accounts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de)
Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An issue existed with the use of a PRNG with low entropy. CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab
Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab
CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com
FaceTime Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. CVE-2020-9835: Olivier Levesque (@olilevesque)
File System Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to modify the file system Description: A logic issue was addressed with improved restrictions. CVE-2020-9820: Thijs Alkemade of Computest
FontParser Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
IPSec Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9837: Thijs Alkemade of Computest
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9797: an anonymous researcher
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9811: Tielei Wang of Pangu Lab CVE-2020-9812: Derrek (@derrekr6)
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Mail Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted mail message may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-9819: ZecOps.com
Mail Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9818: ZecOps.com
Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Users removed from an iMessage conversation may still be able to alter state Description: This issue was addressed with improved checks. CVE-2020-9823: Suryansh Mansharamani, student of Community Middle School, Plainsboro, New Jersey
Notifications Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen Description: An authorization issue was addressed with improved state management. CVE-2020-9848: Nima
Python Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793
Sandbox Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to bypass Privacy preferences Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
SQLite Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794
System Preferences Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A USB device may be able to cause a denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9792: Andy Davis of NCC Group
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2020-9805: an anonymous researcher
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue was addressed with improved restrictions. CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A logic issue was addressed with improved restrictions. CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9806: Wen Xu of SSLab at Georgia Tech CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative
WebRTC Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An access issue was addressed with improved memory management. CVE-2019-20503: Natalie Silvanovich of Google Project Zero
Wi-Fi Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A double free issue was addressed with improved memory management. CVE-2020-9844: Ian Beer of Google Project Zero
zsh Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman
Additional recognition
Bluetooth We would like to acknowledge Maximilian von Tschitschnitz of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.
CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.
Device Analytics We would like to acknowledge Mohamed Ghannam (@_simo36) for their assistance.
ImageIO We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Safari We would like to acknowledge Jeffball of GRIMM and Luke Walker of Manchester Metropolitan University for their assistance.
WebKit We would like to acknowledge Aidan Dunlap of UT Austin for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 13.5 and iPadOS 13.5". -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7MAAoJEAc+Lhnt8tDNdWwP/2NnLRWvziY/ilvylDEczut+ xbSNg719ckFBtvkuXirQdsjfTmW3M/RJXUtjOmRDDEQB0IfmIRkrL49moDLeY0rB tjrsoVQESwYwbnb0xNzC3Oqr0tP3hitxFUpkKd7L0opo5vWhshBwqzWEtLTPxI1X T81DCpYiKDMB57bXgRV26QIFgQpHGXV/bMDCksVc12phempeEldP7t4dueDZy526 kWinK9jlwzViWwSmm5VK0t9IbemAZ56Ca829ZmrkT7XfLRyxw0rb+2f9VcQz/kNe RziJ3RwF2WZTe7yJpz6LV5h3RMo+MoHdVbPCYmcYNPiaHGTMl1POZXkjDHBHCSBY etboXOyZNOsnTMIVNwwXK/aGsKBz6kkfbWODS2omtz5oZjzGdZJLC/nFZC2GG13E Pnb0E5ULmA95poi07gWTy31APilQXfAzGJEOebsvH5s2EZ9HcANqrwtonfHSjeOU ZFH8xfnCTgO37ZgevrjdreD8SYRJR3QfEEf/DDNx2xXgr4wzydgvdyNCI1QpEz5s PS3JQECoBM9SsgXv02mCkNlK1crEqoxYURjcN3UIPGx8GVxtyiWJoEByxAgTtqv8 RPSqKGvPrznR1SxVNrXB2o08X3LUqK0LREABpuD/wbp8Qj8ma2fo3hLpvdoc9+De fSLSaEAmjBkF5c4r1O3P =zOSS -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2020:4451-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4451 Issue date: 2020-11-03 CVE Names: CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-11793 CVE-2020-14391 CVE-2020-15503 ==================================================================== 1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)
Security Fix(es):
-
webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)
-
gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)
-
LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1207179 - Select items matching non existing pattern does not unselect already selected 1566027 - can't correctly compute contents size if hidden files are included 1569868 - Browsing samba shares using gvfs is very slow 1652178 - [RFE] perf-tool run on wayland 1656262 - The terminal's character display is unclear on rhel8 guest after installing gnome 1668895 - [RHEL8] Timedlogin Fails when Userlist is Disabled 1692536 - login screen shows after gnome-initial-setup 1706008 - Sound Effect sometimes fails to change to selected option. 1706076 - Automatic suspend for 90 minutes is set for 80 minutes instead. 1715845 - JS ERROR: TypeError: this._workspacesViews[i] is undefined 1719937 - GNOME Extension: Auto-Move-Windows Not Working Properly 1758891 - tracker-devel subpackage missing from el8 repos 1775345 - Rebase xdg-desktop-portal to 1.6 1778579 - Nautilus does not respect umask settings. 1779691 - Rebase xdg-desktop-portal-gtk to 1.6 1794045 - There are two different high contrast versions of desktop icons 1804719 - Update vte291 to 0.52.4 1805929 - RHEL 8.1 gnome-shell-extension errors 1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp 1814820 - No checkbox to install updates in the shutdown dialog 1816070 - "search for an application to open this file" dialog broken 1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution 1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1817143 - Rebase WebKitGTK to 2.28 1820759 - Include IO stall fixes 1820760 - Include IO fixes 1824362 - [BZ] Setting in gnome-tweak-tool Window List will reset upon opening 1827030 - gnome-settings-daemon: subscription notification on CentOS Stream 1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content 1832347 - [Rebase] Rebase pipewire to 0.3.x 1833158 - gdm-related dconf folders and keyfiles are not found in fresh 8.2 install 1837381 - Backport screen cast improvements to 8.3 1837406 - Rebase gnome-remote-desktop to PipeWire 0.3 version 1837413 - Backport changes needed by xdg-desktop-portal-gtk-1.6 1837648 - Vendor.conf should point to https://access.redhat.com/site/solutions/537113 1840080 - Can not control top bar menus via keys in Wayland 1840788 - [flatpak][rhel8] unable to build potrace as dependency 1843486 - Software crash after clicking Updates tab 1844578 - anaconda very rarely crashes at startup with a pygobject traceback 1846191 - usb adapters hotplug crashes gnome-shell 1847051 - JS ERROR: TypeError: area is null 1847061 - File search doesn't work under certain locales 1847062 - gnome-remote-desktop crash on QXL graphics 1847203 - gnome-shell: get_top_visible_window_actor(): gnome-shell killed by SIGSEGV 1853477 - CVE-2020-15503 LibRaw: lack of thumbnail size range check can lead to buffer overflow 1854734 - PipeWire 0.2 should be required by xdg-desktop-portal 1866332 - Remove obsolete libusb-devel dependency 1868260 - [Hyper-V][RHEL8] VM starts GUI failed on Hyper-V 2019/2016, hangs at "Started GNOME Display Manager" - GDM regression issue. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: LibRaw-0.19.5-2.el8.src.rpm PackageKit-1.1.12-6.el8.src.rpm dleyna-renderer-0.6.0-3.el8.src.rpm frei0r-plugins-1.6.1-7.el8.src.rpm gdm-3.28.3-34.el8.src.rpm gnome-control-center-3.28.2-22.el8.src.rpm gnome-photos-3.28.1-3.el8.src.rpm gnome-remote-desktop-0.1.8-3.el8.src.rpm gnome-session-3.28.1-10.el8.src.rpm gnome-settings-daemon-3.32.0-11.el8.src.rpm gnome-shell-3.32.2-20.el8.src.rpm gnome-shell-extensions-3.32.1-11.el8.src.rpm gnome-terminal-3.28.3-2.el8.src.rpm gtk3-3.22.30-6.el8.src.rpm gvfs-1.36.2-10.el8.src.rpm mutter-3.32.2-48.el8.src.rpm nautilus-3.28.1-14.el8.src.rpm pipewire-0.3.6-1.el8.src.rpm pipewire0.2-0.2.7-6.el8.src.rpm potrace-1.15-3.el8.src.rpm tracker-2.1.5-2.el8.src.rpm vte291-0.52.4-2.el8.src.rpm webkit2gtk3-2.28.4-1.el8.src.rpm webrtc-audio-processing-0.3-9.el8.src.rpm xdg-desktop-portal-1.6.0-2.el8.src.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.src.rpm
aarch64: PackageKit-1.1.12-6.el8.aarch64.rpm PackageKit-command-not-found-1.1.12-6.el8.aarch64.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-cron-1.1.12-6.el8.aarch64.rpm PackageKit-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-debugsource-1.1.12-6.el8.aarch64.rpm PackageKit-glib-1.1.12-6.el8.aarch64.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-gstreamer-plugin-1.1.12-6.el8.aarch64.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-gtk3-module-1.1.12-6.el8.aarch64.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.aarch64.rpm frei0r-plugins-1.6.1-7.el8.aarch64.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.aarch64.rpm frei0r-plugins-debugsource-1.6.1-7.el8.aarch64.rpm frei0r-plugins-opencv-1.6.1-7.el8.aarch64.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.aarch64.rpm gdm-3.28.3-34.el8.aarch64.rpm gdm-debuginfo-3.28.3-34.el8.aarch64.rpm gdm-debugsource-3.28.3-34.el8.aarch64.rpm gnome-control-center-3.28.2-22.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-22.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-22.el8.aarch64.rpm gnome-remote-desktop-0.1.8-3.el8.aarch64.rpm gnome-remote-desktop-debuginfo-0.1.8-3.el8.aarch64.rpm gnome-remote-desktop-debugsource-0.1.8-3.el8.aarch64.rpm gnome-session-3.28.1-10.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-10.el8.aarch64.rpm gnome-session-debugsource-3.28.1-10.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-10.el8.aarch64.rpm gnome-session-xsession-3.28.1-10.el8.aarch64.rpm gnome-settings-daemon-3.32.0-11.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-11.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-11.el8.aarch64.rpm gnome-shell-3.32.2-20.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-20.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-20.el8.aarch64.rpm gnome-terminal-3.28.3-2.el8.aarch64.rpm gnome-terminal-debuginfo-3.28.3-2.el8.aarch64.rpm gnome-terminal-debugsource-3.28.3-2.el8.aarch64.rpm gnome-terminal-nautilus-3.28.3-2.el8.aarch64.rpm gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-6.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-3.22.30-6.el8.aarch64.rpm gtk3-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-debugsource-3.22.30-6.el8.aarch64.rpm gtk3-devel-3.22.30-6.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-6.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-6.el8.aarch64.rpm gvfs-1.36.2-10.el8.aarch64.rpm gvfs-afc-1.36.2-10.el8.aarch64.rpm gvfs-afc-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-afp-1.36.2-10.el8.aarch64.rpm gvfs-afp-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-archive-1.36.2-10.el8.aarch64.rpm gvfs-archive-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-client-1.36.2-10.el8.aarch64.rpm gvfs-client-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-debugsource-1.36.2-10.el8.aarch64.rpm gvfs-devel-1.36.2-10.el8.aarch64.rpm gvfs-fuse-1.36.2-10.el8.aarch64.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-goa-1.36.2-10.el8.aarch64.rpm gvfs-goa-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-gphoto2-1.36.2-10.el8.aarch64.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-mtp-1.36.2-10.el8.aarch64.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-smb-1.36.2-10.el8.aarch64.rpm gvfs-smb-debuginfo-1.36.2-10.el8.aarch64.rpm libsoup-debuginfo-2.62.3-2.el8.aarch64.rpm libsoup-debugsource-2.62.3-2.el8.aarch64.rpm libsoup-devel-2.62.3-2.el8.aarch64.rpm mutter-3.32.2-48.el8.aarch64.rpm mutter-debuginfo-3.32.2-48.el8.aarch64.rpm mutter-debugsource-3.32.2-48.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-48.el8.aarch64.rpm nautilus-3.28.1-14.el8.aarch64.rpm nautilus-debuginfo-3.28.1-14.el8.aarch64.rpm nautilus-debugsource-3.28.1-14.el8.aarch64.rpm nautilus-extensions-3.28.1-14.el8.aarch64.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.aarch64.rpm pipewire-0.3.6-1.el8.aarch64.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire-debugsource-0.3.6-1.el8.aarch64.rpm pipewire-devel-0.3.6-1.el8.aarch64.rpm pipewire-doc-0.3.6-1.el8.aarch64.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire-libs-0.3.6-1.el8.aarch64.rpm pipewire-libs-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire-utils-0.3.6-1.el8.aarch64.rpm pipewire-utils-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire0.2-debugsource-0.2.7-6.el8.aarch64.rpm pipewire0.2-devel-0.2.7-6.el8.aarch64.rpm pipewire0.2-libs-0.2.7-6.el8.aarch64.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.aarch64.rpm potrace-1.15-3.el8.aarch64.rpm potrace-debuginfo-1.15-3.el8.aarch64.rpm potrace-debugsource-1.15-3.el8.aarch64.rpm pygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm pygobject3-debugsource-3.28.3-2.el8.aarch64.rpm python3-gobject-3.28.3-2.el8.aarch64.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm python3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm tracker-2.1.5-2.el8.aarch64.rpm tracker-debuginfo-2.1.5-2.el8.aarch64.rpm tracker-debugsource-2.1.5-2.el8.aarch64.rpm vte-profile-0.52.4-2.el8.aarch64.rpm vte291-0.52.4-2.el8.aarch64.rpm vte291-debuginfo-0.52.4-2.el8.aarch64.rpm vte291-debugsource-0.52.4-2.el8.aarch64.rpm vte291-devel-debuginfo-0.52.4-2.el8.aarch64.rpm webkit2gtk3-2.28.4-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.28.4-1.el8.aarch64.rpm webkit2gtk3-devel-2.28.4-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.aarch64.rpm webkit2gtk3-jsc-2.28.4-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.aarch64.rpm webrtc-audio-processing-0.3-9.el8.aarch64.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.aarch64.rpm webrtc-audio-processing-debugsource-0.3-9.el8.aarch64.rpm xdg-desktop-portal-1.6.0-2.el8.aarch64.rpm xdg-desktop-portal-debuginfo-1.6.0-2.el8.aarch64.rpm xdg-desktop-portal-debugsource-1.6.0-2.el8.aarch64.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.aarch64.rpm xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.aarch64.rpm xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.aarch64.rpm
noarch: gnome-classic-session-3.32.1-11.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-22.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-11.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-11.el8.noarch.rpm gnome-shell-extension-common-3.32.1-11.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-11.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-11.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-11.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-11.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-11.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-11.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-11.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-11.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-11.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-11.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-11.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-11.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-11.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-11.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-11.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-11.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-11.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-11.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-11.el8.noarch.rpm
ppc64le: LibRaw-0.19.5-2.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-2.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-2.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.ppc64le.rpm PackageKit-1.1.12-6.el8.ppc64le.rpm PackageKit-command-not-found-1.1.12-6.el8.ppc64le.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-cron-1.1.12-6.el8.ppc64le.rpm PackageKit-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-debugsource-1.1.12-6.el8.ppc64le.rpm PackageKit-glib-1.1.12-6.el8.ppc64le.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-gstreamer-plugin-1.1.12-6.el8.ppc64le.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-gtk3-module-1.1.12-6.el8.ppc64le.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.ppc64le.rpm dleyna-renderer-0.6.0-3.el8.ppc64le.rpm dleyna-renderer-debuginfo-0.6.0-3.el8.ppc64le.rpm dleyna-renderer-debugsource-0.6.0-3.el8.ppc64le.rpm frei0r-plugins-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-debugsource-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-opencv-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.ppc64le.rpm gdm-3.28.3-34.el8.ppc64le.rpm gdm-debuginfo-3.28.3-34.el8.ppc64le.rpm gdm-debugsource-3.28.3-34.el8.ppc64le.rpm gnome-control-center-3.28.2-22.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-22.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-22.el8.ppc64le.rpm gnome-photos-3.28.1-3.el8.ppc64le.rpm gnome-photos-debuginfo-3.28.1-3.el8.ppc64le.rpm gnome-photos-debugsource-3.28.1-3.el8.ppc64le.rpm gnome-photos-tests-3.28.1-3.el8.ppc64le.rpm gnome-remote-desktop-0.1.8-3.el8.ppc64le.rpm gnome-remote-desktop-debuginfo-0.1.8-3.el8.ppc64le.rpm gnome-remote-desktop-debugsource-0.1.8-3.el8.ppc64le.rpm gnome-session-3.28.1-10.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-10.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-10.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-10.el8.ppc64le.rpm gnome-session-xsession-3.28.1-10.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-11.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-11.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-11.el8.ppc64le.rpm gnome-shell-3.32.2-20.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-20.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-20.el8.ppc64le.rpm gnome-terminal-3.28.3-2.el8.ppc64le.rpm gnome-terminal-debuginfo-3.28.3-2.el8.ppc64le.rpm gnome-terminal-debugsource-3.28.3-2.el8.ppc64le.rpm gnome-terminal-nautilus-3.28.3-2.el8.ppc64le.rpm gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-6.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-3.22.30-6.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-debugsource-3.22.30-6.el8.ppc64le.rpm gtk3-devel-3.22.30-6.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-6.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-6.el8.ppc64le.rpm gvfs-1.36.2-10.el8.ppc64le.rpm gvfs-afc-1.36.2-10.el8.ppc64le.rpm gvfs-afc-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-afp-1.36.2-10.el8.ppc64le.rpm gvfs-afp-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-archive-1.36.2-10.el8.ppc64le.rpm gvfs-archive-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-client-1.36.2-10.el8.ppc64le.rpm gvfs-client-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-debugsource-1.36.2-10.el8.ppc64le.rpm gvfs-devel-1.36.2-10.el8.ppc64le.rpm gvfs-fuse-1.36.2-10.el8.ppc64le.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-goa-1.36.2-10.el8.ppc64le.rpm gvfs-goa-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-gphoto2-1.36.2-10.el8.ppc64le.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-mtp-1.36.2-10.el8.ppc64le.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-smb-1.36.2-10.el8.ppc64le.rpm gvfs-smb-debuginfo-1.36.2-10.el8.ppc64le.rpm libsoup-debuginfo-2.62.3-2.el8.ppc64le.rpm libsoup-debugsource-2.62.3-2.el8.ppc64le.rpm libsoup-devel-2.62.3-2.el8.ppc64le.rpm mutter-3.32.2-48.el8.ppc64le.rpm mutter-debuginfo-3.32.2-48.el8.ppc64le.rpm mutter-debugsource-3.32.2-48.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-48.el8.ppc64le.rpm nautilus-3.28.1-14.el8.ppc64le.rpm nautilus-debuginfo-3.28.1-14.el8.ppc64le.rpm nautilus-debugsource-3.28.1-14.el8.ppc64le.rpm nautilus-extensions-3.28.1-14.el8.ppc64le.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.ppc64le.rpm pipewire-0.3.6-1.el8.ppc64le.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire-debugsource-0.3.6-1.el8.ppc64le.rpm pipewire-devel-0.3.6-1.el8.ppc64le.rpm pipewire-doc-0.3.6-1.el8.ppc64le.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire-libs-0.3.6-1.el8.ppc64le.rpm pipewire-libs-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire-utils-0.3.6-1.el8.ppc64le.rpm pipewire-utils-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire0.2-debugsource-0.2.7-6.el8.ppc64le.rpm pipewire0.2-devel-0.2.7-6.el8.ppc64le.rpm pipewire0.2-libs-0.2.7-6.el8.ppc64le.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.ppc64le.rpm potrace-1.15-3.el8.ppc64le.rpm potrace-debuginfo-1.15-3.el8.ppc64le.rpm potrace-debugsource-1.15-3.el8.ppc64le.rpm pygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm pygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm python3-gobject-3.28.3-2.el8.ppc64le.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm python3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm tracker-2.1.5-2.el8.ppc64le.rpm tracker-debuginfo-2.1.5-2.el8.ppc64le.rpm tracker-debugsource-2.1.5-2.el8.ppc64le.rpm vte-profile-0.52.4-2.el8.ppc64le.rpm vte291-0.52.4-2.el8.ppc64le.rpm vte291-debuginfo-0.52.4-2.el8.ppc64le.rpm vte291-debugsource-0.52.4-2.el8.ppc64le.rpm vte291-devel-debuginfo-0.52.4-2.el8.ppc64le.rpm webkit2gtk3-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-devel-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.ppc64le.rpm webrtc-audio-processing-0.3-9.el8.ppc64le.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.ppc64le.rpm webrtc-audio-processing-debugsource-0.3-9.el8.ppc64le.rpm xdg-desktop-portal-1.6.0-2.el8.ppc64le.rpm xdg-desktop-portal-debuginfo-1.6.0-2.el8.ppc64le.rpm xdg-desktop-portal-debugsource-1.6.0-2.el8.ppc64le.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.ppc64le.rpm xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.ppc64le.rpm xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.ppc64le.rpm
s390x: PackageKit-1.1.12-6.el8.s390x.rpm PackageKit-command-not-found-1.1.12-6.el8.s390x.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-cron-1.1.12-6.el8.s390x.rpm PackageKit-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-debugsource-1.1.12-6.el8.s390x.rpm PackageKit-glib-1.1.12-6.el8.s390x.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-gstreamer-plugin-1.1.12-6.el8.s390x.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-gtk3-module-1.1.12-6.el8.s390x.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.s390x.rpm frei0r-plugins-1.6.1-7.el8.s390x.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.s390x.rpm frei0r-plugins-debugsource-1.6.1-7.el8.s390x.rpm frei0r-plugins-opencv-1.6.1-7.el8.s390x.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.s390x.rpm gdm-3.28.3-34.el8.s390x.rpm gdm-debuginfo-3.28.3-34.el8.s390x.rpm gdm-debugsource-3.28.3-34.el8.s390x.rpm gnome-control-center-3.28.2-22.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-22.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-22.el8.s390x.rpm gnome-remote-desktop-0.1.8-3.el8.s390x.rpm gnome-remote-desktop-debuginfo-0.1.8-3.el8.s390x.rpm gnome-remote-desktop-debugsource-0.1.8-3.el8.s390x.rpm gnome-session-3.28.1-10.el8.s390x.rpm gnome-session-debuginfo-3.28.1-10.el8.s390x.rpm gnome-session-debugsource-3.28.1-10.el8.s390x.rpm gnome-session-wayland-session-3.28.1-10.el8.s390x.rpm gnome-session-xsession-3.28.1-10.el8.s390x.rpm gnome-settings-daemon-3.32.0-11.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-11.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-11.el8.s390x.rpm gnome-shell-3.32.2-20.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-20.el8.s390x.rpm gnome-shell-debugsource-3.32.2-20.el8.s390x.rpm gnome-terminal-3.28.3-2.el8.s390x.rpm gnome-terminal-debuginfo-3.28.3-2.el8.s390x.rpm gnome-terminal-debugsource-3.28.3-2.el8.s390x.rpm gnome-terminal-nautilus-3.28.3-2.el8.s390x.rpm gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.s390x.rpm gtk-update-icon-cache-3.22.30-6.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-3.22.30-6.el8.s390x.rpm gtk3-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-debugsource-3.22.30-6.el8.s390x.rpm gtk3-devel-3.22.30-6.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-immodule-xim-3.22.30-6.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-6.el8.s390x.rpm gvfs-1.36.2-10.el8.s390x.rpm gvfs-afp-1.36.2-10.el8.s390x.rpm gvfs-afp-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-archive-1.36.2-10.el8.s390x.rpm gvfs-archive-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-client-1.36.2-10.el8.s390x.rpm gvfs-client-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-debugsource-1.36.2-10.el8.s390x.rpm gvfs-devel-1.36.2-10.el8.s390x.rpm gvfs-fuse-1.36.2-10.el8.s390x.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-goa-1.36.2-10.el8.s390x.rpm gvfs-goa-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-gphoto2-1.36.2-10.el8.s390x.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-mtp-1.36.2-10.el8.s390x.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-smb-1.36.2-10.el8.s390x.rpm gvfs-smb-debuginfo-1.36.2-10.el8.s390x.rpm libsoup-debuginfo-2.62.3-2.el8.s390x.rpm libsoup-debugsource-2.62.3-2.el8.s390x.rpm libsoup-devel-2.62.3-2.el8.s390x.rpm mutter-3.32.2-48.el8.s390x.rpm mutter-debuginfo-3.32.2-48.el8.s390x.rpm mutter-debugsource-3.32.2-48.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-48.el8.s390x.rpm nautilus-3.28.1-14.el8.s390x.rpm nautilus-debuginfo-3.28.1-14.el8.s390x.rpm nautilus-debugsource-3.28.1-14.el8.s390x.rpm nautilus-extensions-3.28.1-14.el8.s390x.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.s390x.rpm pipewire-0.3.6-1.el8.s390x.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.s390x.rpm pipewire-debuginfo-0.3.6-1.el8.s390x.rpm pipewire-debugsource-0.3.6-1.el8.s390x.rpm pipewire-devel-0.3.6-1.el8.s390x.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.s390x.rpm pipewire-libs-0.3.6-1.el8.s390x.rpm pipewire-libs-debuginfo-0.3.6-1.el8.s390x.rpm pipewire-utils-0.3.6-1.el8.s390x.rpm pipewire-utils-debuginfo-0.3.6-1.el8.s390x.rpm pipewire0.2-debugsource-0.2.7-6.el8.s390x.rpm pipewire0.2-devel-0.2.7-6.el8.s390x.rpm pipewire0.2-libs-0.2.7-6.el8.s390x.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.s390x.rpm potrace-1.15-3.el8.s390x.rpm potrace-debuginfo-1.15-3.el8.s390x.rpm potrace-debugsource-1.15-3.el8.s390x.rpm pygobject3-debuginfo-3.28.3-2.el8.s390x.rpm pygobject3-debugsource-3.28.3-2.el8.s390x.rpm python3-gobject-3.28.3-2.el8.s390x.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm python3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm tracker-2.1.5-2.el8.s390x.rpm tracker-debuginfo-2.1.5-2.el8.s390x.rpm tracker-debugsource-2.1.5-2.el8.s390x.rpm vte-profile-0.52.4-2.el8.s390x.rpm vte291-0.52.4-2.el8.s390x.rpm vte291-debuginfo-0.52.4-2.el8.s390x.rpm vte291-debugsource-0.52.4-2.el8.s390x.rpm vte291-devel-debuginfo-0.52.4-2.el8.s390x.rpm webkit2gtk3-2.28.4-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.s390x.rpm webkit2gtk3-debugsource-2.28.4-1.el8.s390x.rpm webkit2gtk3-devel-2.28.4-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.s390x.rpm webkit2gtk3-jsc-2.28.4-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.s390x.rpm webrtc-audio-processing-0.3-9.el8.s390x.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.s390x.rpm webrtc-audio-processing-debugsource-0.3-9.el8.s390x.rpm xdg-desktop-portal-1.6.0-2.el8.s390x.rpm xdg-desktop-portal-debuginfo-1.6.0-2.el8.s390x.rpm xdg-desktop-portal-debugsource-1.6.0-2.el8.s390x.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.s390x.rpm xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.s390x.rpm xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.s390x.rpm
x86_64: LibRaw-0.19.5-2.el8.i686.rpm LibRaw-0.19.5-2.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-2.el8.i686.rpm LibRaw-debuginfo-0.19.5-2.el8.x86_64.rpm LibRaw-debugsource-0.19.5-2.el8.i686.rpm LibRaw-debugsource-0.19.5-2.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.x86_64.rpm PackageKit-1.1.12-6.el8.x86_64.rpm PackageKit-command-not-found-1.1.12-6.el8.x86_64.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-cron-1.1.12-6.el8.x86_64.rpm PackageKit-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-debugsource-1.1.12-6.el8.i686.rpm PackageKit-debugsource-1.1.12-6.el8.x86_64.rpm PackageKit-glib-1.1.12-6.el8.i686.rpm PackageKit-glib-1.1.12-6.el8.x86_64.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-gstreamer-plugin-1.1.12-6.el8.x86_64.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-gtk3-module-1.1.12-6.el8.i686.rpm PackageKit-gtk3-module-1.1.12-6.el8.x86_64.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.x86_64.rpm dleyna-renderer-0.6.0-3.el8.x86_64.rpm dleyna-renderer-debuginfo-0.6.0-3.el8.x86_64.rpm dleyna-renderer-debugsource-0.6.0-3.el8.x86_64.rpm frei0r-plugins-1.6.1-7.el8.x86_64.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.x86_64.rpm frei0r-plugins-debugsource-1.6.1-7.el8.x86_64.rpm frei0r-plugins-opencv-1.6.1-7.el8.x86_64.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.x86_64.rpm gdm-3.28.3-34.el8.i686.rpm gdm-3.28.3-34.el8.x86_64.rpm gdm-debuginfo-3.28.3-34.el8.i686.rpm gdm-debuginfo-3.28.3-34.el8.x86_64.rpm gdm-debugsource-3.28.3-34.el8.i686.rpm gdm-debugsource-3.28.3-34.el8.x86_64.rpm gnome-control-center-3.28.2-22.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-22.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-22.el8.x86_64.rpm gnome-photos-3.28.1-3.el8.x86_64.rpm gnome-photos-debuginfo-3.28.1-3.el8.x86_64.rpm gnome-photos-debugsource-3.28.1-3.el8.x86_64.rpm gnome-photos-tests-3.28.1-3.el8.x86_64.rpm gnome-remote-desktop-0.1.8-3.el8.x86_64.rpm gnome-remote-desktop-debuginfo-0.1.8-3.el8.x86_64.rpm gnome-remote-desktop-debugsource-0.1.8-3.el8.x86_64.rpm gnome-session-3.28.1-10.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-10.el8.x86_64.rpm gnome-session-debugsource-3.28.1-10.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-10.el8.x86_64.rpm gnome-session-xsession-3.28.1-10.el8.x86_64.rpm gnome-settings-daemon-3.32.0-11.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-11.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-11.el8.x86_64.rpm gnome-shell-3.32.2-20.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-20.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-20.el8.x86_64.rpm gnome-terminal-3.28.3-2.el8.x86_64.rpm gnome-terminal-debuginfo-3.28.3-2.el8.x86_64.rpm gnome-terminal-debugsource-3.28.3-2.el8.x86_64.rpm gnome-terminal-nautilus-3.28.3-2.el8.x86_64.rpm gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-5.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-6.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-3.22.30-6.el8.i686.rpm gtk3-3.22.30-6.el8.x86_64.rpm gtk3-debuginfo-3.22.30-6.el8.i686.rpm gtk3-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-debugsource-3.22.30-6.el8.i686.rpm gtk3-debugsource-3.22.30-6.el8.x86_64.rpm gtk3-devel-3.22.30-6.el8.i686.rpm gtk3-devel-3.22.30-6.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-6.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-6.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-6.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-6.el8.x86_64.rpm gvfs-1.36.2-10.el8.x86_64.rpm gvfs-afc-1.36.2-10.el8.x86_64.rpm gvfs-afc-debuginfo-1.36.2-10.el8.i686.rpm gvfs-afc-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-afp-1.36.2-10.el8.x86_64.rpm gvfs-afp-debuginfo-1.36.2-10.el8.i686.rpm gvfs-afp-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-archive-1.36.2-10.el8.x86_64.rpm gvfs-archive-debuginfo-1.36.2-10.el8.i686.rpm gvfs-archive-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-client-1.36.2-10.el8.i686.rpm gvfs-client-1.36.2-10.el8.x86_64.rpm gvfs-client-debuginfo-1.36.2-10.el8.i686.rpm gvfs-client-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-debuginfo-1.36.2-10.el8.i686.rpm gvfs-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-debugsource-1.36.2-10.el8.i686.rpm gvfs-debugsource-1.36.2-10.el8.x86_64.rpm gvfs-devel-1.36.2-10.el8.i686.rpm gvfs-devel-1.36.2-10.el8.x86_64.rpm gvfs-fuse-1.36.2-10.el8.x86_64.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.i686.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-goa-1.36.2-10.el8.x86_64.rpm gvfs-goa-debuginfo-1.36.2-10.el8.i686.rpm gvfs-goa-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-gphoto2-1.36.2-10.el8.x86_64.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.i686.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-mtp-1.36.2-10.el8.x86_64.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.i686.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-smb-1.36.2-10.el8.x86_64.rpm gvfs-smb-debuginfo-1.36.2-10.el8.i686.rpm gvfs-smb-debuginfo-1.36.2-10.el8.x86_64.rpm libsoup-debuginfo-2.62.3-2.el8.i686.rpm libsoup-debuginfo-2.62.3-2.el8.x86_64.rpm libsoup-debugsource-2.62.3-2.el8.i686.rpm libsoup-debugsource-2.62.3-2.el8.x86_64.rpm libsoup-devel-2.62.3-2.el8.i686.rpm libsoup-devel-2.62.3-2.el8.x86_64.rpm mutter-3.32.2-48.el8.i686.rpm mutter-3.32.2-48.el8.x86_64.rpm mutter-debuginfo-3.32.2-48.el8.i686.rpm mutter-debuginfo-3.32.2-48.el8.x86_64.rpm mutter-debugsource-3.32.2-48.el8.i686.rpm mutter-debugsource-3.32.2-48.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-48.el8.i686.rpm mutter-tests-debuginfo-3.32.2-48.el8.x86_64.rpm nautilus-3.28.1-14.el8.x86_64.rpm nautilus-debuginfo-3.28.1-14.el8.i686.rpm nautilus-debuginfo-3.28.1-14.el8.x86_64.rpm nautilus-debugsource-3.28.1-14.el8.i686.rpm nautilus-debugsource-3.28.1-14.el8.x86_64.rpm nautilus-extensions-3.28.1-14.el8.i686.rpm nautilus-extensions-3.28.1-14.el8.x86_64.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.i686.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.x86_64.rpm pipewire-0.3.6-1.el8.i686.rpm pipewire-0.3.6-1.el8.x86_64.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.i686.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire-debuginfo-0.3.6-1.el8.i686.rpm pipewire-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire-debugsource-0.3.6-1.el8.i686.rpm pipewire-debugsource-0.3.6-1.el8.x86_64.rpm pipewire-devel-0.3.6-1.el8.i686.rpm pipewire-devel-0.3.6-1.el8.x86_64.rpm pipewire-doc-0.3.6-1.el8.x86_64.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.i686.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire-libs-0.3.6-1.el8.i686.rpm pipewire-libs-0.3.6-1.el8.x86_64.rpm pipewire-libs-debuginfo-0.3.6-1.el8.i686.rpm pipewire-libs-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire-utils-0.3.6-1.el8.x86_64.rpm pipewire-utils-debuginfo-0.3.6-1.el8.i686.rpm pipewire-utils-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire0.2-debugsource-0.2.7-6.el8.i686.rpm pipewire0.2-debugsource-0.2.7-6.el8.x86_64.rpm pipewire0.2-devel-0.2.7-6.el8.i686.rpm pipewire0.2-devel-0.2.7-6.el8.x86_64.rpm pipewire0.2-libs-0.2.7-6.el8.i686.rpm pipewire0.2-libs-0.2.7-6.el8.x86_64.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.i686.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.x86_64.rpm potrace-1.15-3.el8.i686.rpm potrace-1.15-3.el8.x86_64.rpm potrace-debuginfo-1.15-3.el8.i686.rpm potrace-debuginfo-1.15-3.el8.x86_64.rpm potrace-debugsource-1.15-3.el8.i686.rpm potrace-debugsource-1.15-3.el8.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el8.i686.rpm pygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm pygobject3-debugsource-3.28.3-2.el8.i686.rpm pygobject3-debugsource-3.28.3-2.el8.x86_64.rpm python3-gobject-3.28.3-2.el8.i686.rpm python3-gobject-3.28.3-2.el8.x86_64.rpm python3-gobject-base-3.28.3-2.el8.i686.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.i686.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm python3-gobject-debuginfo-3.28.3-2.el8.i686.rpm python3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm tracker-2.1.5-2.el8.i686.rpm tracker-2.1.5-2.el8.x86_64.rpm tracker-debuginfo-2.1.5-2.el8.i686.rpm tracker-debuginfo-2.1.5-2.el8.x86_64.rpm tracker-debugsource-2.1.5-2.el8.i686.rpm tracker-debugsource-2.1.5-2.el8.x86_64.rpm vte-profile-0.52.4-2.el8.x86_64.rpm vte291-0.52.4-2.el8.i686.rpm vte291-0.52.4-2.el8.x86_64.rpm vte291-debuginfo-0.52.4-2.el8.i686.rpm vte291-debuginfo-0.52.4-2.el8.x86_64.rpm vte291-debugsource-0.52.4-2.el8.i686.rpm vte291-debugsource-0.52.4-2.el8.x86_64.rpm vte291-devel-debuginfo-0.52.4-2.el8.i686.rpm vte291-devel-debuginfo-0.52.4-2.el8.x86_64.rpm webkit2gtk3-2.28.4-1.el8.i686.rpm webkit2gtk3-2.28.4-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.i686.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.28.4-1.el8.i686.rpm webkit2gtk3-debugsource-2.28.4-1.el8.x86_64.rpm webkit2gtk3-devel-2.28.4-1.el8.i686.rpm webkit2gtk3-devel-2.28.4-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.x86_64.rpm webkit2gtk3-jsc-2.28.4-1.el8.i686.rpm webkit2gtk3-jsc-2.28.4-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.x86_64.rpm webrtc-audio-processing-0.3-9.el8.i686.rpm webrtc-audio-processing-0.3-9.el8.x86_64.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.i686.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.x86_64.rpm webrtc-audio-processing-debugsource-0.3-9.el8.i686.rpm webrtc-audio-processing-debugsource-0.3-9.el8.x86_64.rpm xdg-desktop-portal-1.6.0-2.el8.x86_64.rpm xdg-desktop-portal-debuginfo-1.6.0-2.el8.x86_64.rpm xdg-desktop-portal-debugsource-1.6.0-2.el8.x86_64.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.x86_64.rpm xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.x86_64.rpm xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: gsettings-desktop-schemas-3.32.0-5.el8.src.rpm libsoup-2.62.3-2.el8.src.rpm pygobject3-3.28.3-2.el8.src.rpm
aarch64: gsettings-desktop-schemas-3.32.0-5.el8.aarch64.rpm libsoup-2.62.3-2.el8.aarch64.rpm libsoup-debuginfo-2.62.3-2.el8.aarch64.rpm libsoup-debugsource-2.62.3-2.el8.aarch64.rpm pygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm pygobject3-debugsource-3.28.3-2.el8.aarch64.rpm python3-gobject-base-3.28.3-2.el8.aarch64.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm python3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm
ppc64le: gsettings-desktop-schemas-3.32.0-5.el8.ppc64le.rpm libsoup-2.62.3-2.el8.ppc64le.rpm libsoup-debuginfo-2.62.3-2.el8.ppc64le.rpm libsoup-debugsource-2.62.3-2.el8.ppc64le.rpm pygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm pygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm python3-gobject-base-3.28.3-2.el8.ppc64le.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm python3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm
s390x: gsettings-desktop-schemas-3.32.0-5.el8.s390x.rpm libsoup-2.62.3-2.el8.s390x.rpm libsoup-debuginfo-2.62.3-2.el8.s390x.rpm libsoup-debugsource-2.62.3-2.el8.s390x.rpm pygobject3-debuginfo-3.28.3-2.el8.s390x.rpm pygobject3-debugsource-3.28.3-2.el8.s390x.rpm python3-gobject-base-3.28.3-2.el8.s390x.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm python3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm
x86_64: gsettings-desktop-schemas-3.32.0-5.el8.x86_64.rpm libsoup-2.62.3-2.el8.i686.rpm libsoup-2.62.3-2.el8.x86_64.rpm libsoup-debuginfo-2.62.3-2.el8.i686.rpm libsoup-debuginfo-2.62.3-2.el8.x86_64.rpm libsoup-debugsource-2.62.3-2.el8.i686.rpm libsoup-debugsource-2.62.3-2.el8.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm pygobject3-debugsource-3.28.3-2.el8.x86_64.rpm python3-gobject-base-3.28.3-2.el8.x86_64.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm python3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
Source: gtk-doc-1.28-2.el8.src.rpm
aarch64: PackageKit-command-not-found-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-debugsource-1.1.12-6.el8.aarch64.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-glib-devel-1.1.12-6.el8.aarch64.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.aarch64.rpm frei0r-devel-1.6.1-7.el8.aarch64.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.aarch64.rpm frei0r-plugins-debugsource-1.6.1-7.el8.aarch64.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.aarch64.rpm gtk-doc-1.28-2.el8.aarch64.rpm mutter-debuginfo-3.32.2-48.el8.aarch64.rpm mutter-debugsource-3.32.2-48.el8.aarch64.rpm mutter-devel-3.32.2-48.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-48.el8.aarch64.rpm nautilus-debuginfo-3.28.1-14.el8.aarch64.rpm nautilus-debugsource-3.28.1-14.el8.aarch64.rpm nautilus-devel-3.28.1-14.el8.aarch64.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.aarch64.rpm pygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm pygobject3-debugsource-3.28.3-2.el8.aarch64.rpm pygobject3-devel-3.28.3-2.el8.aarch64.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm python3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm tracker-debuginfo-2.1.5-2.el8.aarch64.rpm tracker-debugsource-2.1.5-2.el8.aarch64.rpm tracker-devel-2.1.5-2.el8.aarch64.rpm vte291-debuginfo-0.52.4-2.el8.aarch64.rpm vte291-debugsource-0.52.4-2.el8.aarch64.rpm vte291-devel-0.52.4-2.el8.aarch64.rpm vte291-devel-debuginfo-0.52.4-2.el8.aarch64.rpm
ppc64le: LibRaw-debuginfo-0.19.5-2.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-2.el8.ppc64le.rpm LibRaw-devel-0.19.5-2.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.ppc64le.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-debugsource-1.1.12-6.el8.ppc64le.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-glib-devel-1.1.12-6.el8.ppc64le.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.ppc64le.rpm frei0r-devel-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-debugsource-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.ppc64le.rpm gtk-doc-1.28-2.el8.ppc64le.rpm mutter-debuginfo-3.32.2-48.el8.ppc64le.rpm mutter-debugsource-3.32.2-48.el8.ppc64le.rpm mutter-devel-3.32.2-48.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-48.el8.ppc64le.rpm nautilus-debuginfo-3.28.1-14.el8.ppc64le.rpm nautilus-debugsource-3.28.1-14.el8.ppc64le.rpm nautilus-devel-3.28.1-14.el8.ppc64le.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.ppc64le.rpm pygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm pygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm pygobject3-devel-3.28.3-2.el8.ppc64le.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm python3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm tracker-debuginfo-2.1.5-2.el8.ppc64le.rpm tracker-debugsource-2.1.5-2.el8.ppc64le.rpm tracker-devel-2.1.5-2.el8.ppc64le.rpm vte291-debuginfo-0.52.4-2.el8.ppc64le.rpm vte291-debugsource-0.52.4-2.el8.ppc64le.rpm vte291-devel-0.52.4-2.el8.ppc64le.rpm vte291-devel-debuginfo-0.52.4-2.el8.ppc64le.rpm
s390x: PackageKit-command-not-found-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-debugsource-1.1.12-6.el8.s390x.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-glib-devel-1.1.12-6.el8.s390x.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.s390x.rpm frei0r-devel-1.6.1-7.el8.s390x.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.s390x.rpm frei0r-plugins-debugsource-1.6.1-7.el8.s390x.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.s390x.rpm gtk-doc-1.28-2.el8.s390x.rpm mutter-debuginfo-3.32.2-48.el8.s390x.rpm mutter-debugsource-3.32.2-48.el8.s390x.rpm mutter-devel-3.32.2-48.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-48.el8.s390x.rpm nautilus-debuginfo-3.28.1-14.el8.s390x.rpm nautilus-debugsource-3.28.1-14.el8.s390x.rpm nautilus-devel-3.28.1-14.el8.s390x.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.s390x.rpm pygobject3-debuginfo-3.28.3-2.el8.s390x.rpm pygobject3-debugsource-3.28.3-2.el8.s390x.rpm pygobject3-devel-3.28.3-2.el8.s390x.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm python3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm tracker-debuginfo-2.1.5-2.el8.s390x.rpm tracker-debugsource-2.1.5-2.el8.s390x.rpm tracker-devel-2.1.5-2.el8.s390x.rpm vte291-debuginfo-0.52.4-2.el8.s390x.rpm vte291-debugsource-0.52.4-2.el8.s390x.rpm vte291-devel-0.52.4-2.el8.s390x.rpm vte291-devel-debuginfo-0.52.4-2.el8.s390x.rpm
x86_64: LibRaw-debuginfo-0.19.5-2.el8.i686.rpm LibRaw-debuginfo-0.19.5-2.el8.x86_64.rpm LibRaw-debugsource-0.19.5-2.el8.i686.rpm LibRaw-debugsource-0.19.5-2.el8.x86_64.rpm LibRaw-devel-0.19.5-2.el8.i686.rpm LibRaw-devel-0.19.5-2.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.x86_64.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-debugsource-1.1.12-6.el8.i686.rpm PackageKit-debugsource-1.1.12-6.el8.x86_64.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-glib-devel-1.1.12-6.el8.i686.rpm PackageKit-glib-devel-1.1.12-6.el8.x86_64.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.x86_64.rpm frei0r-devel-1.6.1-7.el8.i686.rpm frei0r-devel-1.6.1-7.el8.x86_64.rpm frei0r-plugins-1.6.1-7.el8.i686.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.i686.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.x86_64.rpm frei0r-plugins-debugsource-1.6.1-7.el8.i686.rpm frei0r-plugins-debugsource-1.6.1-7.el8.x86_64.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.i686.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.x86_64.rpm gtk-doc-1.28-2.el8.x86_64.rpm gvfs-1.36.2-10.el8.i686.rpm gvfs-afc-debuginfo-1.36.2-10.el8.i686.rpm gvfs-afp-debuginfo-1.36.2-10.el8.i686.rpm gvfs-archive-debuginfo-1.36.2-10.el8.i686.rpm gvfs-client-debuginfo-1.36.2-10.el8.i686.rpm gvfs-debuginfo-1.36.2-10.el8.i686.rpm gvfs-debugsource-1.36.2-10.el8.i686.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.i686.rpm gvfs-goa-debuginfo-1.36.2-10.el8.i686.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.i686.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.i686.rpm gvfs-smb-debuginfo-1.36.2-10.el8.i686.rpm mutter-debuginfo-3.32.2-48.el8.i686.rpm mutter-debuginfo-3.32.2-48.el8.x86_64.rpm mutter-debugsource-3.32.2-48.el8.i686.rpm mutter-debugsource-3.32.2-48.el8.x86_64.rpm mutter-devel-3.32.2-48.el8.i686.rpm mutter-devel-3.32.2-48.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-48.el8.i686.rpm mutter-tests-debuginfo-3.32.2-48.el8.x86_64.rpm nautilus-3.28.1-14.el8.i686.rpm nautilus-debuginfo-3.28.1-14.el8.i686.rpm nautilus-debuginfo-3.28.1-14.el8.x86_64.rpm nautilus-debugsource-3.28.1-14.el8.i686.rpm nautilus-debugsource-3.28.1-14.el8.x86_64.rpm nautilus-devel-3.28.1-14.el8.i686.rpm nautilus-devel-3.28.1-14.el8.x86_64.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.i686.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el8.i686.rpm pygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm pygobject3-debugsource-3.28.3-2.el8.i686.rpm pygobject3-debugsource-3.28.3-2.el8.x86_64.rpm pygobject3-devel-3.28.3-2.el8.i686.rpm pygobject3-devel-3.28.3-2.el8.x86_64.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.i686.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm python3-gobject-debuginfo-3.28.3-2.el8.i686.rpm python3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm tracker-debuginfo-2.1.5-2.el8.i686.rpm tracker-debuginfo-2.1.5-2.el8.x86_64.rpm tracker-debugsource-2.1.5-2.el8.i686.rpm tracker-debugsource-2.1.5-2.el8.x86_64.rpm tracker-devel-2.1.5-2.el8.i686.rpm tracker-devel-2.1.5-2.el8.x86_64.rpm vte291-debuginfo-0.52.4-2.el8.i686.rpm vte291-debuginfo-0.52.4-2.el8.x86_64.rpm vte291-debugsource-0.52.4-2.el8.i686.rpm vte291-debugsource-0.52.4-2.el8.x86_64.rpm vte291-devel-0.52.4-2.el8.i686.rpm vte291-devel-0.52.4-2.el8.x86_64.rpm vte291-devel-debuginfo-0.52.4-2.el8.i686.rpm vte291-devel-debuginfo-0.52.4-2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
Installation note:
Safari 13.1.1 may be obtained from the Mac App Store.
CVE-2020-13753
Milan Crha discovered that an attacker may be able to execute
commands outside the bubblewrap sandbox.
For the stable distribution (buster), these problems have been fixed in version 2.28.3-2~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8PaKUACgkQEMKTtsN8 Tjaf3hAAjZCKrikC4P1I/xiuL6kRepTjURi3zeZl3YywPCFLi/irWXX+5U+ejZoM kek3wtdJc1thN8w9BbXhOVyLferb/xfnt5jUVtZ6JBNDKKWGXoTY0Qfdu2lH0vw5 IV1lf5bvOdawrw/tVS9Uy3dTN1kXEBZ3q3XCpRXrBWEkrXtWG/yznGy0duebnI5h PM7D6R4PIKiCB3HBe9rszCIQrYcGQ/U3x8a/FPnPUO2TCRfVZG918M9yO1fN1v2R +08h0DcOU8ggIJQwJA9hm/V3mJWpTayHh/ouTI8PrIcwG0T2/qbtUm/9cj0wvmXW Id+RgXtQAyKeXQoXD5oP9jzVDgmm7rn03Rn2FX5hzAdTJAqdvT/Mr4IDNcOgdS8O wXmGprdRvMzx0gXO5YpeTuhjQiCZS1fB9ByIOMq/7lIjpiBctrhTZQvlSMMyauIQ P7tTTT8zCZo0DIQc/c2KyCXlD9/ORZm801U5wpXwPXT9Zq8wRAp5PodK/4plOzKc JyJiPI6BR41+31C438nl3wifO/wLh8+6nHAb2rkRQSe6Tu9SKyqOmYT9Ev6JZi/1 R8NMBFSmTYM/XUv5ECsTeL3uLvDnCpKAR0EnWz5z1Cqy2AYzEthEf+1dwXAooYvO 2johOWMaUrSWJMsYdZjTFEahaCSO5oPTDlbZCB2yIgpc6P70irU= =L5lA -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1653",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.2"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.10.7"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.1.1"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4.5"
},
{
"model": "icloud",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.19"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.1.1 \u672a\u6e80 (macos catalina)"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4.5 \u672a\u6e80 (apple tv 4k)"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.1.1 \u672a\u6e80 (macos mojave)"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.10.7 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.1.1 \u672a\u6e80 (macos high sierra)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.2.5 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d)"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.19 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 11.2 \u672a\u6e80 (windows 10 \u4ee5\u964d)"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4.5 \u672a\u6e80 (apple tv hd)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "7.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "12.10.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "158572"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1259"
}
],
"trust": 0.7
},
"cve": "CVE-2020-9805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006251",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-187930",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-9805",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006251",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1259",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187930",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9805",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187930"
},
{
"db": "VULMON",
"id": "CVE-2020-9805"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1259"
},
{
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. An attacker can exploit this vulnerability by using a specially crafted URL to execute scripts in the user\u0027s browser. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202007-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebKitGTK+: Multiple vulnerabilities\n Date: July 26, 2020\n Bugs: #732104\n ID: 202007-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.28.3 \u003e= 2.28.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.28.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-13753\n https://nvd.nist.gov/vuln/detail/CVE-2020-13753\n[ 2 ] CVE-2020-9802\n https://nvd.nist.gov/vuln/detail/CVE-2020-9802\n[ 3 ] CVE-2020-9803\n https://nvd.nist.gov/vuln/detail/CVE-2020-9803\n[ 4 ] CVE-2020-9805\n https://nvd.nist.gov/vuln/detail/CVE-2020-9805\n[ 5 ] CVE-2020-9806\n https://nvd.nist.gov/vuln/detail/CVE-2020-9806\n[ 6 ] CVE-2020-9807\n https://nvd.nist.gov/vuln/detail/CVE-2020-9807\n[ 7 ] CVE-2020-9843\n https://nvd.nist.gov/vuln/detail/CVE-2020-9843\n[ 8 ] CVE-2020-9850\n https://nvd.nist.gov/vuln/detail/CVE-2020-9850\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202007-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5\n\niOS 13.5 and iPadOS 13.5 address the following:\n\nAccounts\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\nAirDrop\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-9842: Linus Henze (pinauten.de)\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An issue existed with the use of a PRNG with low\nentropy. \nCVE-2020-6616: J\u00f6rn Tillmanns (@matedealer) and Jiska Classen\n(@naehrdine) of Secure Mobile Networking Lab\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure\nMobile Networking Lab\n\nCoreText\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted text message may lead to\napplication denial of service\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an\nanonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge,\nSufiyan Gouri of Lovely Professional University, India, Suleman Hasan\nRathor of Arabic-Classroom.com\n\nFaceTime\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A user\u2019s video may not be paused in a FaceTime call if they\nexit the FaceTime app while the call is ringing\nDescription: An issue existed in the pausing of FaceTime video. \nCVE-2020-9835: Olivier Levesque (@olilevesque)\n\nFile System\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to modify the file system\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9820: Thijs Alkemade of Computest\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9789: Wenchao Li of VARAS@IIE\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nIPSec\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9837: Thijs Alkemade of Computest\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to determine another\napplication\u0027s memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2020-9797: an anonymous researcher\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local user may be able to read kernel memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9811: Tielei Wang of Pangu Lab\nCVE-2020-9812: Derrek (@derrekr6)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue existed resulting in memory corruption. \nCVE-2020-9813: Xinru Chi of Pangu Lab\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\nMail\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted mail message may lead to\nheap corruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2020-9819: ZecOps.com\n\nMail\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted mail message may lead to\nunexpected memory modification or application termination\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9818: ZecOps.com\n\nMessages\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Users removed from an iMessage conversation may still be able\nto alter state\nDescription: This issue was addressed with improved checks. \nCVE-2020-9823: Suryansh Mansharamani, student of Community Middle\nSchool, Plainsboro, New\nJersey\n\nNotifications\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A person with physical access to an iOS device may be able to\nview notification contents from the lockscreen\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2020-9848: Nima\n\nPython\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-9793\n\nSandbox\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\nSQLite\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9794\n\nSystem Preferences\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nUSB Audio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A USB device may be able to cause a denial of service\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9792: Andy Davis of NCC Group\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9805: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro\nZero Day Initiative\n\nWebRTC\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-20503: Natalie Silvanovich of Google Project Zero\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2020-9844: Ian Beer of Google Project Zero\n\nzsh\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local attacker may be able to elevate their privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2019-20044: Sam Foxman\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Maximilian von Tschitschnitz of\nTechnical University Munich and Ludwig Peuckert of Technical\nUniversity Munich for their assistance. \n\nCoreText\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis\nHeinze (@ttdennis) of Secure Mobile Networking Lab for their\nassistance. \n\nDevice Analytics\nWe would like to acknowledge Mohamed Ghannam (@_simo36) for their\nassistance. \n\nImageIO\nWe would like to acknowledge Lei Sun for their assistance. \n\nIOHIDFamily\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nSafari\nWe would like to acknowledge Jeffball of GRIMM and Luke Walker of\nManchester Metropolitan University for their assistance. \n\nWebKit\nWe would like to acknowledge Aidan Dunlap of UT Austin for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.5 and iPadOS 13.5\". \n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7MAAoJEAc+Lhnt8tDNdWwP/2NnLRWvziY/ilvylDEczut+\nxbSNg719ckFBtvkuXirQdsjfTmW3M/RJXUtjOmRDDEQB0IfmIRkrL49moDLeY0rB\ntjrsoVQESwYwbnb0xNzC3Oqr0tP3hitxFUpkKd7L0opo5vWhshBwqzWEtLTPxI1X\nT81DCpYiKDMB57bXgRV26QIFgQpHGXV/bMDCksVc12phempeEldP7t4dueDZy526\nkWinK9jlwzViWwSmm5VK0t9IbemAZ56Ca829ZmrkT7XfLRyxw0rb+2f9VcQz/kNe\nRziJ3RwF2WZTe7yJpz6LV5h3RMo+MoHdVbPCYmcYNPiaHGTMl1POZXkjDHBHCSBY\netboXOyZNOsnTMIVNwwXK/aGsKBz6kkfbWODS2omtz5oZjzGdZJLC/nFZC2GG13E\nPnb0E5ULmA95poi07gWTy31APilQXfAzGJEOebsvH5s2EZ9HcANqrwtonfHSjeOU\nZFH8xfnCTgO37ZgevrjdreD8SYRJR3QfEEf/DDNx2xXgr4wzydgvdyNCI1QpEz5s\nPS3JQECoBM9SsgXv02mCkNlK1crEqoxYURjcN3UIPGx8GVxtyiWJoEByxAgTtqv8\nRPSqKGvPrznR1SxVNrXB2o08X3LUqK0LREABpuD/wbp8Qj8ma2fo3hLpvdoc9+De\nfSLSaEAmjBkF5c4r1O3P\n=zOSS\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: GNOME security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:4451-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4451\nIssue date: 2020-11-03\nCVE Names: CVE-2019-8625 CVE-2019-8710 CVE-2019-8720\n CVE-2019-8743 CVE-2019-8764 CVE-2019-8766\n CVE-2019-8769 CVE-2019-8771 CVE-2019-8782\n CVE-2019-8783 CVE-2019-8808 CVE-2019-8811\n CVE-2019-8812 CVE-2019-8813 CVE-2019-8814\n CVE-2019-8815 CVE-2019-8816 CVE-2019-8819\n CVE-2019-8820 CVE-2019-8823 CVE-2019-8835\n CVE-2019-8844 CVE-2019-8846 CVE-2020-3862\n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867\n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894\n CVE-2020-3895 CVE-2020-3897 CVE-2020-3899\n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902\n CVE-2020-9802 CVE-2020-9803 CVE-2020-9805\n CVE-2020-9806 CVE-2020-9807 CVE-2020-9843\n CVE-2020-9850 CVE-2020-9862 CVE-2020-9893\n CVE-2020-9894 CVE-2020-9895 CVE-2020-9915\n CVE-2020-9925 CVE-2020-10018 CVE-2020-11793\n CVE-2020-14391 CVE-2020-15503\n====================================================================\n1. Summary:\n\nAn update for GNOME is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux. \n\nThe following packages have been upgraded to a later upstream version:\ngnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4),\nwebkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk\n(1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710,\nCVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769,\nCVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,\nCVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,\nCVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844,\nCVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867,\nCVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897,\nCVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802,\nCVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843,\nCVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895,\nCVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)\n\n* gnome-settings-daemon: Red Hat Customer Portal password logged and passed\nas command line argument when user registers through GNOME control center\n(CVE-2020-14391)\n\n* LibRaw: lack of thumbnail size range check can lead to buffer overflow\n(CVE-2020-15503)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.3 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nGDM must be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207179 - Select items matching non existing pattern does not unselect already selected\n1566027 - can\u0027t correctly compute contents size if hidden files are included\n1569868 - Browsing samba shares using gvfs is very slow\n1652178 - [RFE] perf-tool run on wayland\n1656262 - The terminal\u0027s character display is unclear on rhel8 guest after installing gnome\n1668895 - [RHEL8] Timedlogin Fails when Userlist is Disabled\n1692536 - login screen shows after gnome-initial-setup\n1706008 - Sound Effect sometimes fails to change to selected option. \n1706076 - Automatic suspend for 90 minutes is set for 80 minutes instead. \n1715845 - JS ERROR: TypeError: this._workspacesViews[i] is undefined\n1719937 - GNOME Extension: Auto-Move-Windows Not Working Properly\n1758891 - tracker-devel subpackage missing from el8 repos\n1775345 - Rebase xdg-desktop-portal to 1.6\n1778579 - Nautilus does not respect umask settings. \n1779691 - Rebase xdg-desktop-portal-gtk to 1.6\n1794045 - There are two different high contrast versions of desktop icons\n1804719 - Update vte291 to 0.52.4\n1805929 - RHEL 8.1 gnome-shell-extension errors\n1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp\n1814820 - No checkbox to install updates in the shutdown dialog\n1816070 - \"search for an application to open this file\" dialog broken\n1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution\n1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution\n1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution\n1817143 - Rebase WebKitGTK to 2.28\n1820759 - Include IO stall fixes\n1820760 - Include IO fixes\n1824362 - [BZ] Setting in gnome-tweak-tool Window List will reset upon opening\n1827030 - gnome-settings-daemon: subscription notification on CentOS Stream\n1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content\n1832347 - [Rebase] Rebase pipewire to 0.3.x\n1833158 - gdm-related dconf folders and keyfiles are not found in fresh 8.2 install\n1837381 - Backport screen cast improvements to 8.3\n1837406 - Rebase gnome-remote-desktop to PipeWire 0.3 version\n1837413 - Backport changes needed by xdg-desktop-portal-gtk-1.6\n1837648 - Vendor.conf should point to https://access.redhat.com/site/solutions/537113\n1840080 - Can not control top bar menus via keys in Wayland\n1840788 - [flatpak][rhel8] unable to build potrace as dependency\n1843486 - Software crash after clicking Updates tab\n1844578 - anaconda very rarely crashes at startup with a pygobject traceback\n1846191 - usb adapters hotplug crashes gnome-shell\n1847051 - JS ERROR: TypeError: area is null\n1847061 - File search doesn\u0027t work under certain locales\n1847062 - gnome-remote-desktop crash on QXL graphics\n1847203 - gnome-shell: get_top_visible_window_actor(): gnome-shell killed by SIGSEGV\n1853477 - CVE-2020-15503 LibRaw: lack of thumbnail size range check can lead to buffer overflow\n1854734 - PipeWire 0.2 should be required by xdg-desktop-portal\n1866332 - Remove obsolete libusb-devel dependency\n1868260 - [Hyper-V][RHEL8] VM starts GUI failed on Hyper-V 2019/2016, hangs at \"Started GNOME Display Manager\" - GDM regression issue. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nLibRaw-0.19.5-2.el8.src.rpm\nPackageKit-1.1.12-6.el8.src.rpm\ndleyna-renderer-0.6.0-3.el8.src.rpm\nfrei0r-plugins-1.6.1-7.el8.src.rpm\ngdm-3.28.3-34.el8.src.rpm\ngnome-control-center-3.28.2-22.el8.src.rpm\ngnome-photos-3.28.1-3.el8.src.rpm\ngnome-remote-desktop-0.1.8-3.el8.src.rpm\ngnome-session-3.28.1-10.el8.src.rpm\ngnome-settings-daemon-3.32.0-11.el8.src.rpm\ngnome-shell-3.32.2-20.el8.src.rpm\ngnome-shell-extensions-3.32.1-11.el8.src.rpm\ngnome-terminal-3.28.3-2.el8.src.rpm\ngtk3-3.22.30-6.el8.src.rpm\ngvfs-1.36.2-10.el8.src.rpm\nmutter-3.32.2-48.el8.src.rpm\nnautilus-3.28.1-14.el8.src.rpm\npipewire-0.3.6-1.el8.src.rpm\npipewire0.2-0.2.7-6.el8.src.rpm\npotrace-1.15-3.el8.src.rpm\ntracker-2.1.5-2.el8.src.rpm\nvte291-0.52.4-2.el8.src.rpm\nwebkit2gtk3-2.28.4-1.el8.src.rpm\nwebrtc-audio-processing-0.3-9.el8.src.rpm\nxdg-desktop-portal-1.6.0-2.el8.src.rpm\nxdg-desktop-portal-gtk-1.6.0-1.el8.src.rpm\n\naarch64:\nPackageKit-1.1.12-6.el8.aarch64.rpm\nPackageKit-command-not-found-1.1.12-6.el8.aarch64.rpm\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.aarch64.rpm\nPackageKit-cron-1.1.12-6.el8.aarch64.rpm\nPackageKit-debuginfo-1.1.12-6.el8.aarch64.rpm\nPackageKit-debugsource-1.1.12-6.el8.aarch64.rpm\nPackageKit-glib-1.1.12-6.el8.aarch64.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.aarch64.rpm\nPackageKit-gstreamer-plugin-1.1.12-6.el8.aarch64.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.aarch64.rpm\nPackageKit-gtk3-module-1.1.12-6.el8.aarch64.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.aarch64.rpm\nfrei0r-plugins-1.6.1-7.el8.aarch64.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.aarch64.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.aarch64.rpm\nfrei0r-plugins-opencv-1.6.1-7.el8.aarch64.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.aarch64.rpm\ngdm-3.28.3-34.el8.aarch64.rpm\ngdm-debuginfo-3.28.3-34.el8.aarch64.rpm\ngdm-debugsource-3.28.3-34.el8.aarch64.rpm\ngnome-control-center-3.28.2-22.el8.aarch64.rpm\ngnome-control-center-debuginfo-3.28.2-22.el8.aarch64.rpm\ngnome-control-center-debugsource-3.28.2-22.el8.aarch64.rpm\ngnome-remote-desktop-0.1.8-3.el8.aarch64.rpm\ngnome-remote-desktop-debuginfo-0.1.8-3.el8.aarch64.rpm\ngnome-remote-desktop-debugsource-0.1.8-3.el8.aarch64.rpm\ngnome-session-3.28.1-10.el8.aarch64.rpm\ngnome-session-debuginfo-3.28.1-10.el8.aarch64.rpm\ngnome-session-debugsource-3.28.1-10.el8.aarch64.rpm\ngnome-session-wayland-session-3.28.1-10.el8.aarch64.rpm\ngnome-session-xsession-3.28.1-10.el8.aarch64.rpm\ngnome-settings-daemon-3.32.0-11.el8.aarch64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-11.el8.aarch64.rpm\ngnome-settings-daemon-debugsource-3.32.0-11.el8.aarch64.rpm\ngnome-shell-3.32.2-20.el8.aarch64.rpm\ngnome-shell-debuginfo-3.32.2-20.el8.aarch64.rpm\ngnome-shell-debugsource-3.32.2-20.el8.aarch64.rpm\ngnome-terminal-3.28.3-2.el8.aarch64.rpm\ngnome-terminal-debuginfo-3.28.3-2.el8.aarch64.rpm\ngnome-terminal-debugsource-3.28.3-2.el8.aarch64.rpm\ngnome-terminal-nautilus-3.28.3-2.el8.aarch64.rpm\ngnome-terminal-nautilus-debuginfo-3.28.3-2.el8.aarch64.rpm\ngsettings-desktop-schemas-devel-3.32.0-5.el8.aarch64.rpm\ngtk-update-icon-cache-3.22.30-6.el8.aarch64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-6.el8.aarch64.rpm\ngtk3-3.22.30-6.el8.aarch64.rpm\ngtk3-debuginfo-3.22.30-6.el8.aarch64.rpm\ngtk3-debugsource-3.22.30-6.el8.aarch64.rpm\ngtk3-devel-3.22.30-6.el8.aarch64.rpm\ngtk3-devel-debuginfo-3.22.30-6.el8.aarch64.rpm\ngtk3-immodule-xim-3.22.30-6.el8.aarch64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-6.el8.aarch64.rpm\ngtk3-immodules-debuginfo-3.22.30-6.el8.aarch64.rpm\ngtk3-tests-debuginfo-3.22.30-6.el8.aarch64.rpm\ngvfs-1.36.2-10.el8.aarch64.rpm\ngvfs-afc-1.36.2-10.el8.aarch64.rpm\ngvfs-afc-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-afp-1.36.2-10.el8.aarch64.rpm\ngvfs-afp-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-archive-1.36.2-10.el8.aarch64.rpm\ngvfs-archive-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-client-1.36.2-10.el8.aarch64.rpm\ngvfs-client-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-debugsource-1.36.2-10.el8.aarch64.rpm\ngvfs-devel-1.36.2-10.el8.aarch64.rpm\ngvfs-fuse-1.36.2-10.el8.aarch64.rpm\ngvfs-fuse-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-goa-1.36.2-10.el8.aarch64.rpm\ngvfs-goa-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-gphoto2-1.36.2-10.el8.aarch64.rpm\ngvfs-gphoto2-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-mtp-1.36.2-10.el8.aarch64.rpm\ngvfs-mtp-debuginfo-1.36.2-10.el8.aarch64.rpm\ngvfs-smb-1.36.2-10.el8.aarch64.rpm\ngvfs-smb-debuginfo-1.36.2-10.el8.aarch64.rpm\nlibsoup-debuginfo-2.62.3-2.el8.aarch64.rpm\nlibsoup-debugsource-2.62.3-2.el8.aarch64.rpm\nlibsoup-devel-2.62.3-2.el8.aarch64.rpm\nmutter-3.32.2-48.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-48.el8.aarch64.rpm\nmutter-debugsource-3.32.2-48.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.aarch64.rpm\nnautilus-3.28.1-14.el8.aarch64.rpm\nnautilus-debuginfo-3.28.1-14.el8.aarch64.rpm\nnautilus-debugsource-3.28.1-14.el8.aarch64.rpm\nnautilus-extensions-3.28.1-14.el8.aarch64.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.aarch64.rpm\npipewire-0.3.6-1.el8.aarch64.rpm\npipewire-alsa-debuginfo-0.3.6-1.el8.aarch64.rpm\npipewire-debuginfo-0.3.6-1.el8.aarch64.rpm\npipewire-debugsource-0.3.6-1.el8.aarch64.rpm\npipewire-devel-0.3.6-1.el8.aarch64.rpm\npipewire-doc-0.3.6-1.el8.aarch64.rpm\npipewire-gstreamer-debuginfo-0.3.6-1.el8.aarch64.rpm\npipewire-libs-0.3.6-1.el8.aarch64.rpm\npipewire-libs-debuginfo-0.3.6-1.el8.aarch64.rpm\npipewire-utils-0.3.6-1.el8.aarch64.rpm\npipewire-utils-debuginfo-0.3.6-1.el8.aarch64.rpm\npipewire0.2-debugsource-0.2.7-6.el8.aarch64.rpm\npipewire0.2-devel-0.2.7-6.el8.aarch64.rpm\npipewire0.2-libs-0.2.7-6.el8.aarch64.rpm\npipewire0.2-libs-debuginfo-0.2.7-6.el8.aarch64.rpm\npotrace-1.15-3.el8.aarch64.rpm\npotrace-debuginfo-1.15-3.el8.aarch64.rpm\npotrace-debugsource-1.15-3.el8.aarch64.rpm\npygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm\npygobject3-debugsource-3.28.3-2.el8.aarch64.rpm\npython3-gobject-3.28.3-2.el8.aarch64.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm\ntracker-2.1.5-2.el8.aarch64.rpm\ntracker-debuginfo-2.1.5-2.el8.aarch64.rpm\ntracker-debugsource-2.1.5-2.el8.aarch64.rpm\nvte-profile-0.52.4-2.el8.aarch64.rpm\nvte291-0.52.4-2.el8.aarch64.rpm\nvte291-debuginfo-0.52.4-2.el8.aarch64.rpm\nvte291-debugsource-0.52.4-2.el8.aarch64.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.aarch64.rpm\nwebkit2gtk3-2.28.4-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.28.4-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.28.4-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.28.4-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.28.4-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.28.4-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.28.4-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.28.4-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.aarch64.rpm\nwebrtc-audio-processing-0.3-9.el8.aarch64.rpm\nwebrtc-audio-processing-debuginfo-0.3-9.el8.aarch64.rpm\nwebrtc-audio-processing-debugsource-0.3-9.el8.aarch64.rpm\nxdg-desktop-portal-1.6.0-2.el8.aarch64.rpm\nxdg-desktop-portal-debuginfo-1.6.0-2.el8.aarch64.rpm\nxdg-desktop-portal-debugsource-1.6.0-2.el8.aarch64.rpm\nxdg-desktop-portal-gtk-1.6.0-1.el8.aarch64.rpm\nxdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.aarch64.rpm\nxdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.aarch64.rpm\n\nnoarch:\ngnome-classic-session-3.32.1-11.el8.noarch.rpm\ngnome-control-center-filesystem-3.28.2-22.el8.noarch.rpm\ngnome-shell-extension-apps-menu-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-auto-move-windows-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-common-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-dash-to-dock-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-desktop-icons-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-disable-screenshield-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-drive-menu-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-horizontal-workspaces-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-launch-new-instance-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-native-window-placement-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-no-hot-corner-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-panel-favorites-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-places-menu-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-screenshot-window-sizer-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-systemMonitor-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-top-icons-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-updates-dialog-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-user-theme-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-window-grouper-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-window-list-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-windowsNavigator-3.32.1-11.el8.noarch.rpm\ngnome-shell-extension-workspace-indicator-3.32.1-11.el8.noarch.rpm\n\nppc64le:\nLibRaw-0.19.5-2.el8.ppc64le.rpm\nLibRaw-debuginfo-0.19.5-2.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-2.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-2.el8.ppc64le.rpm\nPackageKit-1.1.12-6.el8.ppc64le.rpm\nPackageKit-command-not-found-1.1.12-6.el8.ppc64le.rpm\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.ppc64le.rpm\nPackageKit-cron-1.1.12-6.el8.ppc64le.rpm\nPackageKit-debuginfo-1.1.12-6.el8.ppc64le.rpm\nPackageKit-debugsource-1.1.12-6.el8.ppc64le.rpm\nPackageKit-glib-1.1.12-6.el8.ppc64le.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.ppc64le.rpm\nPackageKit-gstreamer-plugin-1.1.12-6.el8.ppc64le.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.ppc64le.rpm\nPackageKit-gtk3-module-1.1.12-6.el8.ppc64le.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.ppc64le.rpm\ndleyna-renderer-0.6.0-3.el8.ppc64le.rpm\ndleyna-renderer-debuginfo-0.6.0-3.el8.ppc64le.rpm\ndleyna-renderer-debugsource-0.6.0-3.el8.ppc64le.rpm\nfrei0r-plugins-1.6.1-7.el8.ppc64le.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.ppc64le.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.ppc64le.rpm\nfrei0r-plugins-opencv-1.6.1-7.el8.ppc64le.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.ppc64le.rpm\ngdm-3.28.3-34.el8.ppc64le.rpm\ngdm-debuginfo-3.28.3-34.el8.ppc64le.rpm\ngdm-debugsource-3.28.3-34.el8.ppc64le.rpm\ngnome-control-center-3.28.2-22.el8.ppc64le.rpm\ngnome-control-center-debuginfo-3.28.2-22.el8.ppc64le.rpm\ngnome-control-center-debugsource-3.28.2-22.el8.ppc64le.rpm\ngnome-photos-3.28.1-3.el8.ppc64le.rpm\ngnome-photos-debuginfo-3.28.1-3.el8.ppc64le.rpm\ngnome-photos-debugsource-3.28.1-3.el8.ppc64le.rpm\ngnome-photos-tests-3.28.1-3.el8.ppc64le.rpm\ngnome-remote-desktop-0.1.8-3.el8.ppc64le.rpm\ngnome-remote-desktop-debuginfo-0.1.8-3.el8.ppc64le.rpm\ngnome-remote-desktop-debugsource-0.1.8-3.el8.ppc64le.rpm\ngnome-session-3.28.1-10.el8.ppc64le.rpm\ngnome-session-debuginfo-3.28.1-10.el8.ppc64le.rpm\ngnome-session-debugsource-3.28.1-10.el8.ppc64le.rpm\ngnome-session-wayland-session-3.28.1-10.el8.ppc64le.rpm\ngnome-session-xsession-3.28.1-10.el8.ppc64le.rpm\ngnome-settings-daemon-3.32.0-11.el8.ppc64le.rpm\ngnome-settings-daemon-debuginfo-3.32.0-11.el8.ppc64le.rpm\ngnome-settings-daemon-debugsource-3.32.0-11.el8.ppc64le.rpm\ngnome-shell-3.32.2-20.el8.ppc64le.rpm\ngnome-shell-debuginfo-3.32.2-20.el8.ppc64le.rpm\ngnome-shell-debugsource-3.32.2-20.el8.ppc64le.rpm\ngnome-terminal-3.28.3-2.el8.ppc64le.rpm\ngnome-terminal-debuginfo-3.28.3-2.el8.ppc64le.rpm\ngnome-terminal-debugsource-3.28.3-2.el8.ppc64le.rpm\ngnome-terminal-nautilus-3.28.3-2.el8.ppc64le.rpm\ngnome-terminal-nautilus-debuginfo-3.28.3-2.el8.ppc64le.rpm\ngsettings-desktop-schemas-devel-3.32.0-5.el8.ppc64le.rpm\ngtk-update-icon-cache-3.22.30-6.el8.ppc64le.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-6.el8.ppc64le.rpm\ngtk3-3.22.30-6.el8.ppc64le.rpm\ngtk3-debuginfo-3.22.30-6.el8.ppc64le.rpm\ngtk3-debugsource-3.22.30-6.el8.ppc64le.rpm\ngtk3-devel-3.22.30-6.el8.ppc64le.rpm\ngtk3-devel-debuginfo-3.22.30-6.el8.ppc64le.rpm\ngtk3-immodule-xim-3.22.30-6.el8.ppc64le.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-6.el8.ppc64le.rpm\ngtk3-immodules-debuginfo-3.22.30-6.el8.ppc64le.rpm\ngtk3-tests-debuginfo-3.22.30-6.el8.ppc64le.rpm\ngvfs-1.36.2-10.el8.ppc64le.rpm\ngvfs-afc-1.36.2-10.el8.ppc64le.rpm\ngvfs-afc-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-afp-1.36.2-10.el8.ppc64le.rpm\ngvfs-afp-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-archive-1.36.2-10.el8.ppc64le.rpm\ngvfs-archive-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-client-1.36.2-10.el8.ppc64le.rpm\ngvfs-client-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-debugsource-1.36.2-10.el8.ppc64le.rpm\ngvfs-devel-1.36.2-10.el8.ppc64le.rpm\ngvfs-fuse-1.36.2-10.el8.ppc64le.rpm\ngvfs-fuse-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-goa-1.36.2-10.el8.ppc64le.rpm\ngvfs-goa-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-gphoto2-1.36.2-10.el8.ppc64le.rpm\ngvfs-gphoto2-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-mtp-1.36.2-10.el8.ppc64le.rpm\ngvfs-mtp-debuginfo-1.36.2-10.el8.ppc64le.rpm\ngvfs-smb-1.36.2-10.el8.ppc64le.rpm\ngvfs-smb-debuginfo-1.36.2-10.el8.ppc64le.rpm\nlibsoup-debuginfo-2.62.3-2.el8.ppc64le.rpm\nlibsoup-debugsource-2.62.3-2.el8.ppc64le.rpm\nlibsoup-devel-2.62.3-2.el8.ppc64le.rpm\nmutter-3.32.2-48.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-48.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-48.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.ppc64le.rpm\nnautilus-3.28.1-14.el8.ppc64le.rpm\nnautilus-debuginfo-3.28.1-14.el8.ppc64le.rpm\nnautilus-debugsource-3.28.1-14.el8.ppc64le.rpm\nnautilus-extensions-3.28.1-14.el8.ppc64le.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.ppc64le.rpm\npipewire-0.3.6-1.el8.ppc64le.rpm\npipewire-alsa-debuginfo-0.3.6-1.el8.ppc64le.rpm\npipewire-debuginfo-0.3.6-1.el8.ppc64le.rpm\npipewire-debugsource-0.3.6-1.el8.ppc64le.rpm\npipewire-devel-0.3.6-1.el8.ppc64le.rpm\npipewire-doc-0.3.6-1.el8.ppc64le.rpm\npipewire-gstreamer-debuginfo-0.3.6-1.el8.ppc64le.rpm\npipewire-libs-0.3.6-1.el8.ppc64le.rpm\npipewire-libs-debuginfo-0.3.6-1.el8.ppc64le.rpm\npipewire-utils-0.3.6-1.el8.ppc64le.rpm\npipewire-utils-debuginfo-0.3.6-1.el8.ppc64le.rpm\npipewire0.2-debugsource-0.2.7-6.el8.ppc64le.rpm\npipewire0.2-devel-0.2.7-6.el8.ppc64le.rpm\npipewire0.2-libs-0.2.7-6.el8.ppc64le.rpm\npipewire0.2-libs-debuginfo-0.2.7-6.el8.ppc64le.rpm\npotrace-1.15-3.el8.ppc64le.rpm\npotrace-debuginfo-1.15-3.el8.ppc64le.rpm\npotrace-debugsource-1.15-3.el8.ppc64le.rpm\npygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm\npygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm\npython3-gobject-3.28.3-2.el8.ppc64le.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm\ntracker-2.1.5-2.el8.ppc64le.rpm\ntracker-debuginfo-2.1.5-2.el8.ppc64le.rpm\ntracker-debugsource-2.1.5-2.el8.ppc64le.rpm\nvte-profile-0.52.4-2.el8.ppc64le.rpm\nvte291-0.52.4-2.el8.ppc64le.rpm\nvte291-debuginfo-0.52.4-2.el8.ppc64le.rpm\nvte291-debugsource-0.52.4-2.el8.ppc64le.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.ppc64le.rpm\nwebkit2gtk3-2.28.4-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.28.4-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.28.4-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.28.4-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.28.4-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.28.4-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.28.4-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.28.4-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.ppc64le.rpm\nwebrtc-audio-processing-0.3-9.el8.ppc64le.rpm\nwebrtc-audio-processing-debuginfo-0.3-9.el8.ppc64le.rpm\nwebrtc-audio-processing-debugsource-0.3-9.el8.ppc64le.rpm\nxdg-desktop-portal-1.6.0-2.el8.ppc64le.rpm\nxdg-desktop-portal-debuginfo-1.6.0-2.el8.ppc64le.rpm\nxdg-desktop-portal-debugsource-1.6.0-2.el8.ppc64le.rpm\nxdg-desktop-portal-gtk-1.6.0-1.el8.ppc64le.rpm\nxdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.ppc64le.rpm\nxdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.ppc64le.rpm\n\ns390x:\nPackageKit-1.1.12-6.el8.s390x.rpm\nPackageKit-command-not-found-1.1.12-6.el8.s390x.rpm\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.s390x.rpm\nPackageKit-cron-1.1.12-6.el8.s390x.rpm\nPackageKit-debuginfo-1.1.12-6.el8.s390x.rpm\nPackageKit-debugsource-1.1.12-6.el8.s390x.rpm\nPackageKit-glib-1.1.12-6.el8.s390x.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.s390x.rpm\nPackageKit-gstreamer-plugin-1.1.12-6.el8.s390x.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.s390x.rpm\nPackageKit-gtk3-module-1.1.12-6.el8.s390x.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.s390x.rpm\nfrei0r-plugins-1.6.1-7.el8.s390x.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.s390x.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.s390x.rpm\nfrei0r-plugins-opencv-1.6.1-7.el8.s390x.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.s390x.rpm\ngdm-3.28.3-34.el8.s390x.rpm\ngdm-debuginfo-3.28.3-34.el8.s390x.rpm\ngdm-debugsource-3.28.3-34.el8.s390x.rpm\ngnome-control-center-3.28.2-22.el8.s390x.rpm\ngnome-control-center-debuginfo-3.28.2-22.el8.s390x.rpm\ngnome-control-center-debugsource-3.28.2-22.el8.s390x.rpm\ngnome-remote-desktop-0.1.8-3.el8.s390x.rpm\ngnome-remote-desktop-debuginfo-0.1.8-3.el8.s390x.rpm\ngnome-remote-desktop-debugsource-0.1.8-3.el8.s390x.rpm\ngnome-session-3.28.1-10.el8.s390x.rpm\ngnome-session-debuginfo-3.28.1-10.el8.s390x.rpm\ngnome-session-debugsource-3.28.1-10.el8.s390x.rpm\ngnome-session-wayland-session-3.28.1-10.el8.s390x.rpm\ngnome-session-xsession-3.28.1-10.el8.s390x.rpm\ngnome-settings-daemon-3.32.0-11.el8.s390x.rpm\ngnome-settings-daemon-debuginfo-3.32.0-11.el8.s390x.rpm\ngnome-settings-daemon-debugsource-3.32.0-11.el8.s390x.rpm\ngnome-shell-3.32.2-20.el8.s390x.rpm\ngnome-shell-debuginfo-3.32.2-20.el8.s390x.rpm\ngnome-shell-debugsource-3.32.2-20.el8.s390x.rpm\ngnome-terminal-3.28.3-2.el8.s390x.rpm\ngnome-terminal-debuginfo-3.28.3-2.el8.s390x.rpm\ngnome-terminal-debugsource-3.28.3-2.el8.s390x.rpm\ngnome-terminal-nautilus-3.28.3-2.el8.s390x.rpm\ngnome-terminal-nautilus-debuginfo-3.28.3-2.el8.s390x.rpm\ngsettings-desktop-schemas-devel-3.32.0-5.el8.s390x.rpm\ngtk-update-icon-cache-3.22.30-6.el8.s390x.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-6.el8.s390x.rpm\ngtk3-3.22.30-6.el8.s390x.rpm\ngtk3-debuginfo-3.22.30-6.el8.s390x.rpm\ngtk3-debugsource-3.22.30-6.el8.s390x.rpm\ngtk3-devel-3.22.30-6.el8.s390x.rpm\ngtk3-devel-debuginfo-3.22.30-6.el8.s390x.rpm\ngtk3-immodule-xim-3.22.30-6.el8.s390x.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-6.el8.s390x.rpm\ngtk3-immodules-debuginfo-3.22.30-6.el8.s390x.rpm\ngtk3-tests-debuginfo-3.22.30-6.el8.s390x.rpm\ngvfs-1.36.2-10.el8.s390x.rpm\ngvfs-afp-1.36.2-10.el8.s390x.rpm\ngvfs-afp-debuginfo-1.36.2-10.el8.s390x.rpm\ngvfs-archive-1.36.2-10.el8.s390x.rpm\ngvfs-archive-debuginfo-1.36.2-10.el8.s390x.rpm\ngvfs-client-1.36.2-10.el8.s390x.rpm\ngvfs-client-debuginfo-1.36.2-10.el8.s390x.rpm\ngvfs-debuginfo-1.36.2-10.el8.s390x.rpm\ngvfs-debugsource-1.36.2-10.el8.s390x.rpm\ngvfs-devel-1.36.2-10.el8.s390x.rpm\ngvfs-fuse-1.36.2-10.el8.s390x.rpm\ngvfs-fuse-debuginfo-1.36.2-10.el8.s390x.rpm\ngvfs-goa-1.36.2-10.el8.s390x.rpm\ngvfs-goa-debuginfo-1.36.2-10.el8.s390x.rpm\ngvfs-gphoto2-1.36.2-10.el8.s390x.rpm\ngvfs-gphoto2-debuginfo-1.36.2-10.el8.s390x.rpm\ngvfs-mtp-1.36.2-10.el8.s390x.rpm\ngvfs-mtp-debuginfo-1.36.2-10.el8.s390x.rpm\ngvfs-smb-1.36.2-10.el8.s390x.rpm\ngvfs-smb-debuginfo-1.36.2-10.el8.s390x.rpm\nlibsoup-debuginfo-2.62.3-2.el8.s390x.rpm\nlibsoup-debugsource-2.62.3-2.el8.s390x.rpm\nlibsoup-devel-2.62.3-2.el8.s390x.rpm\nmutter-3.32.2-48.el8.s390x.rpm\nmutter-debuginfo-3.32.2-48.el8.s390x.rpm\nmutter-debugsource-3.32.2-48.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.s390x.rpm\nnautilus-3.28.1-14.el8.s390x.rpm\nnautilus-debuginfo-3.28.1-14.el8.s390x.rpm\nnautilus-debugsource-3.28.1-14.el8.s390x.rpm\nnautilus-extensions-3.28.1-14.el8.s390x.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.s390x.rpm\npipewire-0.3.6-1.el8.s390x.rpm\npipewire-alsa-debuginfo-0.3.6-1.el8.s390x.rpm\npipewire-debuginfo-0.3.6-1.el8.s390x.rpm\npipewire-debugsource-0.3.6-1.el8.s390x.rpm\npipewire-devel-0.3.6-1.el8.s390x.rpm\npipewire-gstreamer-debuginfo-0.3.6-1.el8.s390x.rpm\npipewire-libs-0.3.6-1.el8.s390x.rpm\npipewire-libs-debuginfo-0.3.6-1.el8.s390x.rpm\npipewire-utils-0.3.6-1.el8.s390x.rpm\npipewire-utils-debuginfo-0.3.6-1.el8.s390x.rpm\npipewire0.2-debugsource-0.2.7-6.el8.s390x.rpm\npipewire0.2-devel-0.2.7-6.el8.s390x.rpm\npipewire0.2-libs-0.2.7-6.el8.s390x.rpm\npipewire0.2-libs-debuginfo-0.2.7-6.el8.s390x.rpm\npotrace-1.15-3.el8.s390x.rpm\npotrace-debuginfo-1.15-3.el8.s390x.rpm\npotrace-debugsource-1.15-3.el8.s390x.rpm\npygobject3-debuginfo-3.28.3-2.el8.s390x.rpm\npygobject3-debugsource-3.28.3-2.el8.s390x.rpm\npython3-gobject-3.28.3-2.el8.s390x.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm\ntracker-2.1.5-2.el8.s390x.rpm\ntracker-debuginfo-2.1.5-2.el8.s390x.rpm\ntracker-debugsource-2.1.5-2.el8.s390x.rpm\nvte-profile-0.52.4-2.el8.s390x.rpm\nvte291-0.52.4-2.el8.s390x.rpm\nvte291-debuginfo-0.52.4-2.el8.s390x.rpm\nvte291-debugsource-0.52.4-2.el8.s390x.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.s390x.rpm\nwebkit2gtk3-2.28.4-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.28.4-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.28.4-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.28.4-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.28.4-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.28.4-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.28.4-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.28.4-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.s390x.rpm\nwebrtc-audio-processing-0.3-9.el8.s390x.rpm\nwebrtc-audio-processing-debuginfo-0.3-9.el8.s390x.rpm\nwebrtc-audio-processing-debugsource-0.3-9.el8.s390x.rpm\nxdg-desktop-portal-1.6.0-2.el8.s390x.rpm\nxdg-desktop-portal-debuginfo-1.6.0-2.el8.s390x.rpm\nxdg-desktop-portal-debugsource-1.6.0-2.el8.s390x.rpm\nxdg-desktop-portal-gtk-1.6.0-1.el8.s390x.rpm\nxdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.s390x.rpm\nxdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.s390x.rpm\n\nx86_64:\nLibRaw-0.19.5-2.el8.i686.rpm\nLibRaw-0.19.5-2.el8.x86_64.rpm\nLibRaw-debuginfo-0.19.5-2.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-2.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-2.el8.i686.rpm\nLibRaw-debugsource-0.19.5-2.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-2.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-2.el8.x86_64.rpm\nPackageKit-1.1.12-6.el8.x86_64.rpm\nPackageKit-command-not-found-1.1.12-6.el8.x86_64.rpm\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.x86_64.rpm\nPackageKit-cron-1.1.12-6.el8.x86_64.rpm\nPackageKit-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-debuginfo-1.1.12-6.el8.x86_64.rpm\nPackageKit-debugsource-1.1.12-6.el8.i686.rpm\nPackageKit-debugsource-1.1.12-6.el8.x86_64.rpm\nPackageKit-glib-1.1.12-6.el8.i686.rpm\nPackageKit-glib-1.1.12-6.el8.x86_64.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.x86_64.rpm\nPackageKit-gstreamer-plugin-1.1.12-6.el8.x86_64.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.x86_64.rpm\nPackageKit-gtk3-module-1.1.12-6.el8.i686.rpm\nPackageKit-gtk3-module-1.1.12-6.el8.x86_64.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.x86_64.rpm\ndleyna-renderer-0.6.0-3.el8.x86_64.rpm\ndleyna-renderer-debuginfo-0.6.0-3.el8.x86_64.rpm\ndleyna-renderer-debugsource-0.6.0-3.el8.x86_64.rpm\nfrei0r-plugins-1.6.1-7.el8.x86_64.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.x86_64.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.x86_64.rpm\nfrei0r-plugins-opencv-1.6.1-7.el8.x86_64.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.x86_64.rpm\ngdm-3.28.3-34.el8.i686.rpm\ngdm-3.28.3-34.el8.x86_64.rpm\ngdm-debuginfo-3.28.3-34.el8.i686.rpm\ngdm-debuginfo-3.28.3-34.el8.x86_64.rpm\ngdm-debugsource-3.28.3-34.el8.i686.rpm\ngdm-debugsource-3.28.3-34.el8.x86_64.rpm\ngnome-control-center-3.28.2-22.el8.x86_64.rpm\ngnome-control-center-debuginfo-3.28.2-22.el8.x86_64.rpm\ngnome-control-center-debugsource-3.28.2-22.el8.x86_64.rpm\ngnome-photos-3.28.1-3.el8.x86_64.rpm\ngnome-photos-debuginfo-3.28.1-3.el8.x86_64.rpm\ngnome-photos-debugsource-3.28.1-3.el8.x86_64.rpm\ngnome-photos-tests-3.28.1-3.el8.x86_64.rpm\ngnome-remote-desktop-0.1.8-3.el8.x86_64.rpm\ngnome-remote-desktop-debuginfo-0.1.8-3.el8.x86_64.rpm\ngnome-remote-desktop-debugsource-0.1.8-3.el8.x86_64.rpm\ngnome-session-3.28.1-10.el8.x86_64.rpm\ngnome-session-debuginfo-3.28.1-10.el8.x86_64.rpm\ngnome-session-debugsource-3.28.1-10.el8.x86_64.rpm\ngnome-session-wayland-session-3.28.1-10.el8.x86_64.rpm\ngnome-session-xsession-3.28.1-10.el8.x86_64.rpm\ngnome-settings-daemon-3.32.0-11.el8.x86_64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-11.el8.x86_64.rpm\ngnome-settings-daemon-debugsource-3.32.0-11.el8.x86_64.rpm\ngnome-shell-3.32.2-20.el8.x86_64.rpm\ngnome-shell-debuginfo-3.32.2-20.el8.x86_64.rpm\ngnome-shell-debugsource-3.32.2-20.el8.x86_64.rpm\ngnome-terminal-3.28.3-2.el8.x86_64.rpm\ngnome-terminal-debuginfo-3.28.3-2.el8.x86_64.rpm\ngnome-terminal-debugsource-3.28.3-2.el8.x86_64.rpm\ngnome-terminal-nautilus-3.28.3-2.el8.x86_64.rpm\ngnome-terminal-nautilus-debuginfo-3.28.3-2.el8.x86_64.rpm\ngsettings-desktop-schemas-3.32.0-5.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-5.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-5.el8.x86_64.rpm\ngtk-update-icon-cache-3.22.30-6.el8.x86_64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-6.el8.i686.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-6.el8.x86_64.rpm\ngtk3-3.22.30-6.el8.i686.rpm\ngtk3-3.22.30-6.el8.x86_64.rpm\ngtk3-debuginfo-3.22.30-6.el8.i686.rpm\ngtk3-debuginfo-3.22.30-6.el8.x86_64.rpm\ngtk3-debugsource-3.22.30-6.el8.i686.rpm\ngtk3-debugsource-3.22.30-6.el8.x86_64.rpm\ngtk3-devel-3.22.30-6.el8.i686.rpm\ngtk3-devel-3.22.30-6.el8.x86_64.rpm\ngtk3-devel-debuginfo-3.22.30-6.el8.i686.rpm\ngtk3-devel-debuginfo-3.22.30-6.el8.x86_64.rpm\ngtk3-immodule-xim-3.22.30-6.el8.x86_64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-6.el8.i686.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-6.el8.x86_64.rpm\ngtk3-immodules-debuginfo-3.22.30-6.el8.i686.rpm\ngtk3-immodules-debuginfo-3.22.30-6.el8.x86_64.rpm\ngtk3-tests-debuginfo-3.22.30-6.el8.i686.rpm\ngtk3-tests-debuginfo-3.22.30-6.el8.x86_64.rpm\ngvfs-1.36.2-10.el8.x86_64.rpm\ngvfs-afc-1.36.2-10.el8.x86_64.rpm\ngvfs-afc-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-afc-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-afp-1.36.2-10.el8.x86_64.rpm\ngvfs-afp-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-afp-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-archive-1.36.2-10.el8.x86_64.rpm\ngvfs-archive-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-archive-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-client-1.36.2-10.el8.i686.rpm\ngvfs-client-1.36.2-10.el8.x86_64.rpm\ngvfs-client-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-client-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-debugsource-1.36.2-10.el8.i686.rpm\ngvfs-debugsource-1.36.2-10.el8.x86_64.rpm\ngvfs-devel-1.36.2-10.el8.i686.rpm\ngvfs-devel-1.36.2-10.el8.x86_64.rpm\ngvfs-fuse-1.36.2-10.el8.x86_64.rpm\ngvfs-fuse-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-fuse-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-goa-1.36.2-10.el8.x86_64.rpm\ngvfs-goa-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-goa-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-gphoto2-1.36.2-10.el8.x86_64.rpm\ngvfs-gphoto2-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-gphoto2-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-mtp-1.36.2-10.el8.x86_64.rpm\ngvfs-mtp-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-mtp-debuginfo-1.36.2-10.el8.x86_64.rpm\ngvfs-smb-1.36.2-10.el8.x86_64.rpm\ngvfs-smb-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-smb-debuginfo-1.36.2-10.el8.x86_64.rpm\nlibsoup-debuginfo-2.62.3-2.el8.i686.rpm\nlibsoup-debuginfo-2.62.3-2.el8.x86_64.rpm\nlibsoup-debugsource-2.62.3-2.el8.i686.rpm\nlibsoup-debugsource-2.62.3-2.el8.x86_64.rpm\nlibsoup-devel-2.62.3-2.el8.i686.rpm\nlibsoup-devel-2.62.3-2.el8.x86_64.rpm\nmutter-3.32.2-48.el8.i686.rpm\nmutter-3.32.2-48.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-48.el8.i686.rpm\nmutter-debuginfo-3.32.2-48.el8.x86_64.rpm\nmutter-debugsource-3.32.2-48.el8.i686.rpm\nmutter-debugsource-3.32.2-48.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.x86_64.rpm\nnautilus-3.28.1-14.el8.x86_64.rpm\nnautilus-debuginfo-3.28.1-14.el8.i686.rpm\nnautilus-debuginfo-3.28.1-14.el8.x86_64.rpm\nnautilus-debugsource-3.28.1-14.el8.i686.rpm\nnautilus-debugsource-3.28.1-14.el8.x86_64.rpm\nnautilus-extensions-3.28.1-14.el8.i686.rpm\nnautilus-extensions-3.28.1-14.el8.x86_64.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.i686.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.x86_64.rpm\npipewire-0.3.6-1.el8.i686.rpm\npipewire-0.3.6-1.el8.x86_64.rpm\npipewire-alsa-debuginfo-0.3.6-1.el8.i686.rpm\npipewire-alsa-debuginfo-0.3.6-1.el8.x86_64.rpm\npipewire-debuginfo-0.3.6-1.el8.i686.rpm\npipewire-debuginfo-0.3.6-1.el8.x86_64.rpm\npipewire-debugsource-0.3.6-1.el8.i686.rpm\npipewire-debugsource-0.3.6-1.el8.x86_64.rpm\npipewire-devel-0.3.6-1.el8.i686.rpm\npipewire-devel-0.3.6-1.el8.x86_64.rpm\npipewire-doc-0.3.6-1.el8.x86_64.rpm\npipewire-gstreamer-debuginfo-0.3.6-1.el8.i686.rpm\npipewire-gstreamer-debuginfo-0.3.6-1.el8.x86_64.rpm\npipewire-libs-0.3.6-1.el8.i686.rpm\npipewire-libs-0.3.6-1.el8.x86_64.rpm\npipewire-libs-debuginfo-0.3.6-1.el8.i686.rpm\npipewire-libs-debuginfo-0.3.6-1.el8.x86_64.rpm\npipewire-utils-0.3.6-1.el8.x86_64.rpm\npipewire-utils-debuginfo-0.3.6-1.el8.i686.rpm\npipewire-utils-debuginfo-0.3.6-1.el8.x86_64.rpm\npipewire0.2-debugsource-0.2.7-6.el8.i686.rpm\npipewire0.2-debugsource-0.2.7-6.el8.x86_64.rpm\npipewire0.2-devel-0.2.7-6.el8.i686.rpm\npipewire0.2-devel-0.2.7-6.el8.x86_64.rpm\npipewire0.2-libs-0.2.7-6.el8.i686.rpm\npipewire0.2-libs-0.2.7-6.el8.x86_64.rpm\npipewire0.2-libs-debuginfo-0.2.7-6.el8.i686.rpm\npipewire0.2-libs-debuginfo-0.2.7-6.el8.x86_64.rpm\npotrace-1.15-3.el8.i686.rpm\npotrace-1.15-3.el8.x86_64.rpm\npotrace-debuginfo-1.15-3.el8.i686.rpm\npotrace-debuginfo-1.15-3.el8.x86_64.rpm\npotrace-debugsource-1.15-3.el8.i686.rpm\npotrace-debugsource-1.15-3.el8.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el8.i686.rpm\npygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm\npygobject3-debugsource-3.28.3-2.el8.i686.rpm\npygobject3-debugsource-3.28.3-2.el8.x86_64.rpm\npython3-gobject-3.28.3-2.el8.i686.rpm\npython3-gobject-3.28.3-2.el8.x86_64.rpm\npython3-gobject-base-3.28.3-2.el8.i686.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.i686.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.i686.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm\ntracker-2.1.5-2.el8.i686.rpm\ntracker-2.1.5-2.el8.x86_64.rpm\ntracker-debuginfo-2.1.5-2.el8.i686.rpm\ntracker-debuginfo-2.1.5-2.el8.x86_64.rpm\ntracker-debugsource-2.1.5-2.el8.i686.rpm\ntracker-debugsource-2.1.5-2.el8.x86_64.rpm\nvte-profile-0.52.4-2.el8.x86_64.rpm\nvte291-0.52.4-2.el8.i686.rpm\nvte291-0.52.4-2.el8.x86_64.rpm\nvte291-debuginfo-0.52.4-2.el8.i686.rpm\nvte291-debuginfo-0.52.4-2.el8.x86_64.rpm\nvte291-debugsource-0.52.4-2.el8.i686.rpm\nvte291-debugsource-0.52.4-2.el8.x86_64.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.i686.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.x86_64.rpm\nwebkit2gtk3-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-2.28.4-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.28.4-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.28.4-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-devel-2.28.4-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.28.4-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.28.4-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.28.4-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.28.4-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.x86_64.rpm\nwebrtc-audio-processing-0.3-9.el8.i686.rpm\nwebrtc-audio-processing-0.3-9.el8.x86_64.rpm\nwebrtc-audio-processing-debuginfo-0.3-9.el8.i686.rpm\nwebrtc-audio-processing-debuginfo-0.3-9.el8.x86_64.rpm\nwebrtc-audio-processing-debugsource-0.3-9.el8.i686.rpm\nwebrtc-audio-processing-debugsource-0.3-9.el8.x86_64.rpm\nxdg-desktop-portal-1.6.0-2.el8.x86_64.rpm\nxdg-desktop-portal-debuginfo-1.6.0-2.el8.x86_64.rpm\nxdg-desktop-portal-debugsource-1.6.0-2.el8.x86_64.rpm\nxdg-desktop-portal-gtk-1.6.0-1.el8.x86_64.rpm\nxdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.x86_64.rpm\nxdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ngsettings-desktop-schemas-3.32.0-5.el8.src.rpm\nlibsoup-2.62.3-2.el8.src.rpm\npygobject3-3.28.3-2.el8.src.rpm\n\naarch64:\ngsettings-desktop-schemas-3.32.0-5.el8.aarch64.rpm\nlibsoup-2.62.3-2.el8.aarch64.rpm\nlibsoup-debuginfo-2.62.3-2.el8.aarch64.rpm\nlibsoup-debugsource-2.62.3-2.el8.aarch64.rpm\npygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm\npygobject3-debugsource-3.28.3-2.el8.aarch64.rpm\npython3-gobject-base-3.28.3-2.el8.aarch64.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm\n\nppc64le:\ngsettings-desktop-schemas-3.32.0-5.el8.ppc64le.rpm\nlibsoup-2.62.3-2.el8.ppc64le.rpm\nlibsoup-debuginfo-2.62.3-2.el8.ppc64le.rpm\nlibsoup-debugsource-2.62.3-2.el8.ppc64le.rpm\npygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm\npygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm\npython3-gobject-base-3.28.3-2.el8.ppc64le.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm\n\ns390x:\ngsettings-desktop-schemas-3.32.0-5.el8.s390x.rpm\nlibsoup-2.62.3-2.el8.s390x.rpm\nlibsoup-debuginfo-2.62.3-2.el8.s390x.rpm\nlibsoup-debugsource-2.62.3-2.el8.s390x.rpm\npygobject3-debuginfo-3.28.3-2.el8.s390x.rpm\npygobject3-debugsource-3.28.3-2.el8.s390x.rpm\npython3-gobject-base-3.28.3-2.el8.s390x.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm\n\nx86_64:\ngsettings-desktop-schemas-3.32.0-5.el8.x86_64.rpm\nlibsoup-2.62.3-2.el8.i686.rpm\nlibsoup-2.62.3-2.el8.x86_64.rpm\nlibsoup-debuginfo-2.62.3-2.el8.i686.rpm\nlibsoup-debuginfo-2.62.3-2.el8.x86_64.rpm\nlibsoup-debugsource-2.62.3-2.el8.i686.rpm\nlibsoup-debugsource-2.62.3-2.el8.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm\npygobject3-debugsource-3.28.3-2.el8.x86_64.rpm\npython3-gobject-base-3.28.3-2.el8.x86_64.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\nSource:\ngtk-doc-1.28-2.el8.src.rpm\n\naarch64:\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.aarch64.rpm\nPackageKit-debuginfo-1.1.12-6.el8.aarch64.rpm\nPackageKit-debugsource-1.1.12-6.el8.aarch64.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.aarch64.rpm\nPackageKit-glib-devel-1.1.12-6.el8.aarch64.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.aarch64.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.aarch64.rpm\nfrei0r-devel-1.6.1-7.el8.aarch64.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.aarch64.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.aarch64.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.aarch64.rpm\ngtk-doc-1.28-2.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-48.el8.aarch64.rpm\nmutter-debugsource-3.32.2-48.el8.aarch64.rpm\nmutter-devel-3.32.2-48.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.aarch64.rpm\nnautilus-debuginfo-3.28.1-14.el8.aarch64.rpm\nnautilus-debugsource-3.28.1-14.el8.aarch64.rpm\nnautilus-devel-3.28.1-14.el8.aarch64.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.aarch64.rpm\npygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm\npygobject3-debugsource-3.28.3-2.el8.aarch64.rpm\npygobject3-devel-3.28.3-2.el8.aarch64.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm\ntracker-debuginfo-2.1.5-2.el8.aarch64.rpm\ntracker-debugsource-2.1.5-2.el8.aarch64.rpm\ntracker-devel-2.1.5-2.el8.aarch64.rpm\nvte291-debuginfo-0.52.4-2.el8.aarch64.rpm\nvte291-debugsource-0.52.4-2.el8.aarch64.rpm\nvte291-devel-0.52.4-2.el8.aarch64.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.aarch64.rpm\n\nppc64le:\nLibRaw-debuginfo-0.19.5-2.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-2.el8.ppc64le.rpm\nLibRaw-devel-0.19.5-2.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-2.el8.ppc64le.rpm\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.ppc64le.rpm\nPackageKit-debuginfo-1.1.12-6.el8.ppc64le.rpm\nPackageKit-debugsource-1.1.12-6.el8.ppc64le.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.ppc64le.rpm\nPackageKit-glib-devel-1.1.12-6.el8.ppc64le.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.ppc64le.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.ppc64le.rpm\nfrei0r-devel-1.6.1-7.el8.ppc64le.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.ppc64le.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.ppc64le.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.ppc64le.rpm\ngtk-doc-1.28-2.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-48.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-48.el8.ppc64le.rpm\nmutter-devel-3.32.2-48.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.ppc64le.rpm\nnautilus-debuginfo-3.28.1-14.el8.ppc64le.rpm\nnautilus-debugsource-3.28.1-14.el8.ppc64le.rpm\nnautilus-devel-3.28.1-14.el8.ppc64le.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.ppc64le.rpm\npygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm\npygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm\npygobject3-devel-3.28.3-2.el8.ppc64le.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm\ntracker-debuginfo-2.1.5-2.el8.ppc64le.rpm\ntracker-debugsource-2.1.5-2.el8.ppc64le.rpm\ntracker-devel-2.1.5-2.el8.ppc64le.rpm\nvte291-debuginfo-0.52.4-2.el8.ppc64le.rpm\nvte291-debugsource-0.52.4-2.el8.ppc64le.rpm\nvte291-devel-0.52.4-2.el8.ppc64le.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.ppc64le.rpm\n\ns390x:\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.s390x.rpm\nPackageKit-debuginfo-1.1.12-6.el8.s390x.rpm\nPackageKit-debugsource-1.1.12-6.el8.s390x.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.s390x.rpm\nPackageKit-glib-devel-1.1.12-6.el8.s390x.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.s390x.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.s390x.rpm\nfrei0r-devel-1.6.1-7.el8.s390x.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.s390x.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.s390x.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.s390x.rpm\ngtk-doc-1.28-2.el8.s390x.rpm\nmutter-debuginfo-3.32.2-48.el8.s390x.rpm\nmutter-debugsource-3.32.2-48.el8.s390x.rpm\nmutter-devel-3.32.2-48.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.s390x.rpm\nnautilus-debuginfo-3.28.1-14.el8.s390x.rpm\nnautilus-debugsource-3.28.1-14.el8.s390x.rpm\nnautilus-devel-3.28.1-14.el8.s390x.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.s390x.rpm\npygobject3-debuginfo-3.28.3-2.el8.s390x.rpm\npygobject3-debugsource-3.28.3-2.el8.s390x.rpm\npygobject3-devel-3.28.3-2.el8.s390x.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm\ntracker-debuginfo-2.1.5-2.el8.s390x.rpm\ntracker-debugsource-2.1.5-2.el8.s390x.rpm\ntracker-devel-2.1.5-2.el8.s390x.rpm\nvte291-debuginfo-0.52.4-2.el8.s390x.rpm\nvte291-debugsource-0.52.4-2.el8.s390x.rpm\nvte291-devel-0.52.4-2.el8.s390x.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.s390x.rpm\n\nx86_64:\nLibRaw-debuginfo-0.19.5-2.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-2.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-2.el8.i686.rpm\nLibRaw-debugsource-0.19.5-2.el8.x86_64.rpm\nLibRaw-devel-0.19.5-2.el8.i686.rpm\nLibRaw-devel-0.19.5-2.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-2.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-2.el8.x86_64.rpm\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-command-not-found-debuginfo-1.1.12-6.el8.x86_64.rpm\nPackageKit-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-debuginfo-1.1.12-6.el8.x86_64.rpm\nPackageKit-debugsource-1.1.12-6.el8.i686.rpm\nPackageKit-debugsource-1.1.12-6.el8.x86_64.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-glib-debuginfo-1.1.12-6.el8.x86_64.rpm\nPackageKit-glib-devel-1.1.12-6.el8.i686.rpm\nPackageKit-glib-devel-1.1.12-6.el8.x86_64.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.x86_64.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.i686.rpm\nPackageKit-gtk3-module-debuginfo-1.1.12-6.el8.x86_64.rpm\nfrei0r-devel-1.6.1-7.el8.i686.rpm\nfrei0r-devel-1.6.1-7.el8.x86_64.rpm\nfrei0r-plugins-1.6.1-7.el8.i686.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.i686.rpm\nfrei0r-plugins-debuginfo-1.6.1-7.el8.x86_64.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.i686.rpm\nfrei0r-plugins-debugsource-1.6.1-7.el8.x86_64.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.i686.rpm\nfrei0r-plugins-opencv-debuginfo-1.6.1-7.el8.x86_64.rpm\ngtk-doc-1.28-2.el8.x86_64.rpm\ngvfs-1.36.2-10.el8.i686.rpm\ngvfs-afc-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-afp-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-archive-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-client-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-debugsource-1.36.2-10.el8.i686.rpm\ngvfs-fuse-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-goa-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-gphoto2-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-mtp-debuginfo-1.36.2-10.el8.i686.rpm\ngvfs-smb-debuginfo-1.36.2-10.el8.i686.rpm\nmutter-debuginfo-3.32.2-48.el8.i686.rpm\nmutter-debuginfo-3.32.2-48.el8.x86_64.rpm\nmutter-debugsource-3.32.2-48.el8.i686.rpm\nmutter-debugsource-3.32.2-48.el8.x86_64.rpm\nmutter-devel-3.32.2-48.el8.i686.rpm\nmutter-devel-3.32.2-48.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-48.el8.x86_64.rpm\nnautilus-3.28.1-14.el8.i686.rpm\nnautilus-debuginfo-3.28.1-14.el8.i686.rpm\nnautilus-debuginfo-3.28.1-14.el8.x86_64.rpm\nnautilus-debugsource-3.28.1-14.el8.i686.rpm\nnautilus-debugsource-3.28.1-14.el8.x86_64.rpm\nnautilus-devel-3.28.1-14.el8.i686.rpm\nnautilus-devel-3.28.1-14.el8.x86_64.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.i686.rpm\nnautilus-extensions-debuginfo-3.28.1-14.el8.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el8.i686.rpm\npygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm\npygobject3-debugsource-3.28.3-2.el8.i686.rpm\npygobject3-debugsource-3.28.3-2.el8.x86_64.rpm\npygobject3-devel-3.28.3-2.el8.i686.rpm\npygobject3-devel-3.28.3-2.el8.x86_64.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.i686.rpm\npython3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.i686.rpm\npython3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm\ntracker-debuginfo-2.1.5-2.el8.i686.rpm\ntracker-debuginfo-2.1.5-2.el8.x86_64.rpm\ntracker-debugsource-2.1.5-2.el8.i686.rpm\ntracker-debugsource-2.1.5-2.el8.x86_64.rpm\ntracker-devel-2.1.5-2.el8.i686.rpm\ntracker-devel-2.1.5-2.el8.x86_64.rpm\nvte291-debuginfo-0.52.4-2.el8.i686.rpm\nvte291-debuginfo-0.52.4-2.el8.x86_64.rpm\nvte291-debugsource-0.52.4-2.el8.i686.rpm\nvte291-debugsource-0.52.4-2.el8.x86_64.rpm\nvte291-devel-0.52.4-2.el8.i686.rpm\nvte291-devel-0.52.4-2.el8.x86_64.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.i686.rpm\nvte291-devel-debuginfo-0.52.4-2.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n\nInstallation note:\n\nSafari 13.1.1 may be obtained from the Mac App Store. \n\nCVE-2020-13753\n\n Milan Crha discovered that an attacker may be able to execute\n commands outside the bubblewrap sandbox. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.3-2~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages. \n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8PaKUACgkQEMKTtsN8\nTjaf3hAAjZCKrikC4P1I/xiuL6kRepTjURi3zeZl3YywPCFLi/irWXX+5U+ejZoM\nkek3wtdJc1thN8w9BbXhOVyLferb/xfnt5jUVtZ6JBNDKKWGXoTY0Qfdu2lH0vw5\nIV1lf5bvOdawrw/tVS9Uy3dTN1kXEBZ3q3XCpRXrBWEkrXtWG/yznGy0duebnI5h\nPM7D6R4PIKiCB3HBe9rszCIQrYcGQ/U3x8a/FPnPUO2TCRfVZG918M9yO1fN1v2R\n+08h0DcOU8ggIJQwJA9hm/V3mJWpTayHh/ouTI8PrIcwG0T2/qbtUm/9cj0wvmXW\nId+RgXtQAyKeXQoXD5oP9jzVDgmm7rn03Rn2FX5hzAdTJAqdvT/Mr4IDNcOgdS8O\nwXmGprdRvMzx0gXO5YpeTuhjQiCZS1fB9ByIOMq/7lIjpiBctrhTZQvlSMMyauIQ\nP7tTTT8zCZo0DIQc/c2KyCXlD9/ORZm801U5wpXwPXT9Zq8wRAp5PodK/4plOzKc\nJyJiPI6BR41+31C438nl3wifO/wLh8+6nHAb2rkRQSe6Tu9SKyqOmYT9Ev6JZi/1\nR8NMBFSmTYM/XUv5ECsTeL3uLvDnCpKAR0EnWz5z1Cqy2AYzEthEf+1dwXAooYvO\n2johOWMaUrSWJMsYdZjTFEahaCSO5oPTDlbZCB2yIgpc6P70irU=\n=L5lA\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9805"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"db": "VULHUB",
"id": "VHN-187930"
},
{
"db": "VULMON",
"id": "CVE-2020-9805"
},
{
"db": "PACKETSTORM",
"id": "158572"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "157874"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "157878"
},
{
"db": "PACKETSTORM",
"id": "157876"
},
{
"db": "PACKETSTORM",
"id": "168878"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9805",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "158572",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98042162",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006251",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1259",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157883",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2610",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2509",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1025",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3893",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0691",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0099",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4513",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2419",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0864",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0584",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1870",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0234",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "49288",
"trust": 0.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/07/10/1",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-43686",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187930",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9805",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157879",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157874",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159816",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157876",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187930"
},
{
"db": "VULMON",
"id": "CVE-2020-9805"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"db": "PACKETSTORM",
"id": "158572"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "157874"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "157878"
},
{
"db": "PACKETSTORM",
"id": "157876"
},
{
"db": "PACKETSTORM",
"id": "168878"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1259"
},
{
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"id": "VAR-202006-1653",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187930"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:19:15.782000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211179",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211179"
},
{
"title": "HT211181",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211181"
},
{
"title": "HT211168",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211168"
},
{
"title": "HT211171",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211171"
},
{
"title": "HT211175",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211175"
},
{
"title": "HT211177",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211177"
},
{
"title": "HT211178",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211178"
},
{
"title": "HT211181",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211181"
},
{
"title": "HT211168",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211168"
},
{
"title": "HT211171",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211171"
},
{
"title": "HT211175",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211175"
},
{
"title": "HT211177",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211177"
},
{
"title": "HT211178",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211178"
},
{
"title": "HT211179",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211179"
},
{
"title": "Multiple Apple product WebKit Fixes for component cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121245"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2020/05/28/apple_may_updates/"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-9805 log"
},
{
"title": "Debian Security Advisories: DSA-4724-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=dea2e0f2e732c4316e7997209f1f239a"
},
{
"title": "Red Hat: Moderate: GNOME security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204451 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210050 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210436 - security advisory"
},
{
"title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225924 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210190 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220056 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205605 - security advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9805"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1259"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187930"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9805"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211168"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211171"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211175"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211177"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211178"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211179"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211181"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9805"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98042162/index.html"
},
{
"trust": 0.7,
"url": "https://www.debian.org/security/2020/dsa-4724"
},
{
"trust": 0.7,
"url": "https://security.gentoo.org/glsa/202007-11"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9807"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9806"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9803"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9802"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ger2atkzxdhm7ffyjh67zpnzzx5vouvm/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4422-1/"
},
{
"trust": 0.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jdbxq2xa6x4dp4ytpxbomkslwued2kar/"
},
{
"trust": 0.6,
"url": "http://www.openwall.com/lists/oss-security/2020/07/10/1"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1025"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1870/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211179"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211178"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-32802"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2610/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211178"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211177"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2419/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4513/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0099/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0234/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0584"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158572/gentoo-linux-security-advisory-202007-11.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157883/apple-security-advisory-2020-05-26-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2509/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/49288"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3893/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9843"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9850"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9800"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20503"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9789"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3878"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9794"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13753"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9819"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9813"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9795"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9814"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9791"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9808"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9816"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20044"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9815"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9812"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9821"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/solutions/537113"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9801"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187930"
},
{
"db": "VULMON",
"id": "CVE-2020-9805"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"db": "PACKETSTORM",
"id": "158572"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "157874"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "157878"
},
{
"db": "PACKETSTORM",
"id": "157876"
},
{
"db": "PACKETSTORM",
"id": "168878"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1259"
},
{
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187930"
},
{
"db": "VULMON",
"id": "CVE-2020-9805"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"db": "PACKETSTORM",
"id": "158572"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "157874"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "157878"
},
{
"db": "PACKETSTORM",
"id": "157876"
},
{
"db": "PACKETSTORM",
"id": "168878"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1259"
},
{
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-187930"
},
{
"date": "2020-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9805"
},
{
"date": "2020-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"date": "2020-07-27T18:15:45",
"db": "PACKETSTORM",
"id": "158572"
},
{
"date": "2020-05-29T19:05:25",
"db": "PACKETSTORM",
"id": "157879"
},
{
"date": "2020-05-29T19:02:19",
"db": "PACKETSTORM",
"id": "157874"
},
{
"date": "2020-11-04T15:24:00",
"db": "PACKETSTORM",
"id": "159816"
},
{
"date": "2020-05-29T19:04:53",
"db": "PACKETSTORM",
"id": "157878"
},
{
"date": "2020-05-29T19:03:50",
"db": "PACKETSTORM",
"id": "157876"
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168878"
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1259"
},
{
"date": "2020-06-09T17:15:12.363000",
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-187930"
},
{
"date": "2022-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9805"
},
{
"date": "2020-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006251"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1259"
},
{
"date": "2023-01-09T16:41:59.350000",
"db": "NVD",
"id": "CVE-2020-9805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1259"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Logic vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1259"
}
],
"trust": 0.6
}
}
VAR-201903-0424
Vulnerability from variot - Updated: 2024-07-23 22:18A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of fonts. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to the following multiple security vulnerabilities: 1. Multiple remote code-execution vulnerabilities 2. A cross-site scripting vulnerability 3. Multiple memory corruption vulnerabilities Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or execute arbitrary code and perform unauthorized actions; Failed exploit attempts will result in denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. tvOS is a smart TV operating system. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 12.1.3; tvOS prior to 12.1.2; Safari prior to 12.0.3; Windows-based iCloud prior to 7.10. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-1-22-4 tvOS 12.1.2
tvOS 12.1.2 is now available and addresses the following:
AppleKeyStore Available for: Apple TV 4K and Apple TV (4th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-6235: Brandon Azad
CoreAnimation Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team
CoreAnimation Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to break out of its sandbox Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan Team
FaceTime Available for: Apple TV 4K and Apple TV (4th generation) Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-6224: Natalie Silvanovich of Google Project Zero
IOKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to break out of its sandbox Description: A type confusion issue was addressed with improved memory handling. CVE-2019-6214: Ian Beer of Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved validation. CVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-6210: Ned Williamson of Google
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory corruption issue was addressed with improved lock state checking. CVE-2019-6205: Ian Beer of Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-6213: Ian Beer of Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2019-6209: Brandon Azad of Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-6208: Jann Horn of Google Project Zero
libxpc Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-6218: Ian Beer of Google Project Zero
SQLite Available for: Apple TV 4K and Apple TV (4th generation) Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia Tech CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team CVE-2019-6226: Apple
Additional recognition
mDNSResponder We would like to acknowledge Fatemah Alharbi of University of California, Riverside (UCR) and Taibah University (TU), Feng Qian of University of Minnesota - Twin City, Jie Chang of LinkSure Network, Nael Abu-Ghazaleh of University of California, Riverside (UCR), Yuchen Zhou of Northeastern University, and Zhiyun Qian of University of California, Riverside (UCR) for their assistance.
WebKit We would like to acknowledge James Lee (@Windowsrcer) of Kryptos Logic for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H22Q/+ PKUpdAiTuY9INzQcN53qh0p0MKPEjbBmMfEeN7jB1yKoO9e7JSMHpVt5znw106Rp AJEzEsCYspVnAo7aWwcNygGamgNo8J/PJCGso4+drltefWa6XcInsTJ9iIk/sZCV iHgqz0qYZFSziaL0KecMjNK35CSTJQ/qnVv5fkRXOazRpFB0Zcp3ZINb72l5zPND CI2HkJMtGCbrUnN8OJvdFWLo7uXGIQEC3c4dlx/x8m/UtkO3Jsro1qOqTdLEKvaG 6Atj3cFVOnd/SM4geleBOe536hHPsgwTtctkNlKk8JE8CryjEarR+vpb6yRAt1Wx U0ykaXiRPyqadHhoOjtiSIpGZstOZ3lG0VLykhDAj/J2Mu5rwiFjdM4G0wRV0DE/ jVH/NxzoMRM+226T33bY2fM8SwtTsRw0gZyytZG2iIw1xT44ajvN6KTiR+M74h+J yYXw357yMvtOwhdnQ/Npk04OCiHvYr+Rr4spSSyJG6FkBINGL2uIx2p4GgxRFzjV akGElyRXa6WyKbILktAQz/JF6TGQvhhqBxjOmdF04Vs1gOA9h3sM64PsJlSVhx8A Nhvh9DjFMdBVd5es0sfCqtksWFETGnwi2kNhPc6AHAKlkgGntbR6Krc98JnxkTT+ buDgLRHED0aOFpnXiQ0lADYKLrHQoQFiM1btKUoHM94=ouaJ -----END PGP SIGNATURE----- .
Installation note:
Safari 12.0.3 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-12
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 14, 2019 Bugs: #672108, #674702, #678334 ID: 201903-12
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.22.6 >= 2.22.6
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6"
References
[ 1 ] CVE-2019-6212 https://nvd.nist.gov/vuln/detail/CVE-2019-6212 [ 2 ] CVE-2019-6215 https://nvd.nist.gov/vuln/detail/CVE-2019-6215 [ 3 ] CVE-2019-6216 https://nvd.nist.gov/vuln/detail/CVE-2019-6216 [ 4 ] CVE-2019-6217 https://nvd.nist.gov/vuln/detail/CVE-2019-6217 [ 5 ] CVE-2019-6226 https://nvd.nist.gov/vuln/detail/CVE-2019-6226 [ 6 ] CVE-2019-6227 https://nvd.nist.gov/vuln/detail/CVE-2019-6227 [ 7 ] CVE-2019-6229 https://nvd.nist.gov/vuln/detail/CVE-2019-6229 [ 8 ] CVE-2019-6233 https://nvd.nist.gov/vuln/detail/CVE-2019-6233 [ 9 ] CVE-2019-6234 https://nvd.nist.gov/vuln/detail/CVE-2019-6234
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001
Date reported : February 08, 2019 Advisory ID : WSA-2019-0001 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2019-0001.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0001.html CVE identifiers : CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, CVE-2019-6234.
CVE-2019-6212 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before 2.22.4. Credit to an anonymous researcher.
CVE-2019-6215 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before 2.22.4. Credit to Lokihardt of Google Project Zero.
CVE-2019-6216 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative.
CVE-2019-6217 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team.
CVE-2019-6226 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Apple.
CVE-2019-6227 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Qixun Zhao of Qihoo 360 Vulcan Team.
CVE-2019-6229 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Ryan Pickren.
CVE-2019-6233 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative.
CVE-2019-6234 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative.
We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.
The WebKitGTK+ and WPE WebKit team, February 08, 2019
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1.2"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.10"
},
{
"model": "webkitgtk\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.22.6"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.9.3"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.3"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1.3"
},
{
"model": "webkitgtk+",
"scope": null,
"trust": 0.8,
"vendor": "the webkitgtk team",
"version": null
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.10 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1.3 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1.3 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1.3 (ipod touch first 6 generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.9.3 (windows 7 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.0.3 (macos high sierra 10.13.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.0.3 (macos mojave 10.14.3)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.0.3 (macos sierra 10.12.6)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1.2 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1.2 (apple tv first 4 generation )"
},
{
"model": "webkit",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.1.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.4.1"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.3.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.3"
},
{
"model": "icloud",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.3"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"db": "BID",
"id": "106691"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.9.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.22.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "G. Geshev from MWR Labs",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-123"
}
],
"trust": 0.7
},
"cve": "CVE-2019-6234",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6234",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-157669",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6234",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6234",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6234",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2019-6234",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-825",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157669",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6234",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"db": "VULHUB",
"id": "VHN-157669"
},
{
"db": "VULMON",
"id": "CVE-2019-6234"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-825"
},
{
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of fonts. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to the following multiple security vulnerabilities:\n1. Multiple remote code-execution vulnerabilities\n2. A cross-site scripting vulnerability\n3. Multiple memory corruption vulnerabilities\nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or execute arbitrary code and perform unauthorized actions; Failed exploit attempts will result in denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. tvOS is a smart TV operating system. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 12.1.3; tvOS prior to 12.1.2; Safari prior to 12.0.3; Windows-based iCloud prior to 7.10. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-1-22-4 tvOS 12.1.2\n\ntvOS 12.1.2 is now available and addresses the following:\n\nAppleKeyStore\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-6235: Brandon Azad\n\nCoreAnimation\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team\n\nCoreAnimation\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan\nTeam\n\nFaceTime\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A remote attacker may be able to initiate a FaceTime call\ncausing arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-6224: Natalie Silvanovich of Google Project Zero\n\nIOKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-6214: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of\nQihoo 360 Vulcan Team\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-6210: Ned Williamson of Google\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may cause unexpected changes in\nmemory shared between processes\nDescription: A memory corruption issue was addressed with improved\nlock state checking. \nCVE-2019-6205: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-6213: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2019-6209: Brandon Azad of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may cause unexpected changes in\nmemory shared between processes\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-6208: Jann Horn of Google Project Zero\n\nlibxpc\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-6218: Ian Beer of Google Project Zero\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia\nTech\nCVE-2019-6216: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2019-6217: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan\nTeam\nCVE-2019-6226: Apple\n\nAdditional recognition\n\nmDNSResponder\nWe would like to acknowledge Fatemah Alharbi of University of\nCalifornia, Riverside (UCR) and Taibah University (TU), Feng Qian of\nUniversity of Minnesota - Twin City, Jie Chang of LinkSure Network,\nNael Abu-Ghazaleh of University of California, Riverside (UCR),\nYuchen Zhou of Northeastern University, and Zhiyun Qian of University\nof California, Riverside (UCR) for their assistance. \n\nWebKit\nWe would like to acknowledge James Lee (@Windowsrcer) of Kryptos\nLogic for their assistance. \n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSgpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H22Q/+\nPKUpdAiTuY9INzQcN53qh0p0MKPEjbBmMfEeN7jB1yKoO9e7JSMHpVt5znw106Rp\nAJEzEsCYspVnAo7aWwcNygGamgNo8J/PJCGso4+drltefWa6XcInsTJ9iIk/sZCV\niHgqz0qYZFSziaL0KecMjNK35CSTJQ/qnVv5fkRXOazRpFB0Zcp3ZINb72l5zPND\nCI2HkJMtGCbrUnN8OJvdFWLo7uXGIQEC3c4dlx/x8m/UtkO3Jsro1qOqTdLEKvaG\n6Atj3cFVOnd/SM4geleBOe536hHPsgwTtctkNlKk8JE8CryjEarR+vpb6yRAt1Wx\nU0ykaXiRPyqadHhoOjtiSIpGZstOZ3lG0VLykhDAj/J2Mu5rwiFjdM4G0wRV0DE/\njVH/NxzoMRM+226T33bY2fM8SwtTsRw0gZyytZG2iIw1xT44ajvN6KTiR+M74h+J\nyYXw357yMvtOwhdnQ/Npk04OCiHvYr+Rr4spSSyJG6FkBINGL2uIx2p4GgxRFzjV\nakGElyRXa6WyKbILktAQz/JF6TGQvhhqBxjOmdF04Vs1gOA9h3sM64PsJlSVhx8A\nNhvh9DjFMdBVd5es0sfCqtksWFETGnwi2kNhPc6AHAKlkgGntbR6Krc98JnxkTT+\nbuDgLRHED0aOFpnXiQ0lADYKLrHQoQFiM1btKUoHM94=ouaJ\n-----END PGP SIGNATURE-----\n. \n\nInstallation note:\n\nSafari 12.0.3 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201903-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: March 14, 2019\n Bugs: #672108, #674702, #678334\n ID: 201903-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.22.6 \u003e= 2.22.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.22.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-6212\n https://nvd.nist.gov/vuln/detail/CVE-2019-6212\n[ 2 ] CVE-2019-6215\n https://nvd.nist.gov/vuln/detail/CVE-2019-6215\n[ 3 ] CVE-2019-6216\n https://nvd.nist.gov/vuln/detail/CVE-2019-6216\n[ 4 ] CVE-2019-6217\n https://nvd.nist.gov/vuln/detail/CVE-2019-6217\n[ 5 ] CVE-2019-6226\n https://nvd.nist.gov/vuln/detail/CVE-2019-6226\n[ 6 ] CVE-2019-6227\n https://nvd.nist.gov/vuln/detail/CVE-2019-6227\n[ 7 ] CVE-2019-6229\n https://nvd.nist.gov/vuln/detail/CVE-2019-6229\n[ 8 ] CVE-2019-6233\n https://nvd.nist.gov/vuln/detail/CVE-2019-6233\n[ 9 ] CVE-2019-6234\n https://nvd.nist.gov/vuln/detail/CVE-2019-6234\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ------------------------------------------------------------------------\nWebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001\n------------------------------------------------------------------------\n\nDate reported : February 08, 2019\nAdvisory ID : WSA-2019-0001\nWebKitGTK+ Advisory URL : \nhttps://webkitgtk.org/security/WSA-2019-0001.html\nWPE WebKit Advisory URL : \nhttps://wpewebkit.org/security/WSA-2019-0001.html\nCVE identifiers : CVE-2019-6212, CVE-2019-6215, CVE-2019-6216,\n CVE-2019-6217, CVE-2019-6226, CVE-2019-6227,\n CVE-2019-6229, CVE-2019-6233, CVE-2019-6234. \n\nCVE-2019-6212\n Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before\n 2.22.4. \n Credit to an anonymous researcher. \n\nCVE-2019-6215\n Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before\n 2.22.4. \n Credit to Lokihardt of Google Project Zero. \n\nCVE-2019-6216\n Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before\n 2.22.3. \n Credit to Fluoroacetate working with Trend Micro\u0027s Zero Day\n Initiative. \n\nCVE-2019-6217\n Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before\n 2.22.3. \n Credit to Fluoroacetate working with Trend Micro\u0027s Zero Day\n Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan\n Team. \n\nCVE-2019-6226\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Apple. \n\nCVE-2019-6227\n Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before\n 2.22.3. \n Credit to Qixun Zhao of Qihoo 360 Vulcan Team. \n\nCVE-2019-6229\n Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before\n 2.22.3. \n Credit to Ryan Pickren. \n\nCVE-2019-6233\n Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before\n 2.22.2. \n Credit to G. Geshev from MWR Labs working with Trend Micro\u0027s Zero\n Day Initiative. \n\nCVE-2019-6234\n Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before\n 2.22.2. \n Credit to G. Geshev from MWR Labs working with Trend Micro\u0027s Zero\n Day Initiative. \n\n\nWe recommend updating to the latest stable versions of WebKitGTK+ and\nWPE WebKit. It is the best way to ensure that you are running safe\nversions of WebKit. Please check our websites for information about the\nlatest stable releases. \n\nThe WebKitGTK+ and WPE WebKit team,\nFebruary 08, 2019\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6234"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"db": "BID",
"id": "106691"
},
{
"db": "VULHUB",
"id": "VHN-157669"
},
{
"db": "VULMON",
"id": "CVE-2019-6234"
},
{
"db": "PACKETSTORM",
"id": "151281"
},
{
"db": "PACKETSTORM",
"id": "151332"
},
{
"db": "PACKETSTORM",
"id": "151283"
},
{
"db": "PACKETSTORM",
"id": "151282"
},
{
"db": "PACKETSTORM",
"id": "152086"
},
{
"db": "PACKETSTORM",
"id": "151592"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6234",
"trust": 4.2
},
{
"db": "BID",
"id": "106691",
"trust": 2.1
},
{
"db": "JVN",
"id": "JVNVU97670311",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7204",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-123",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201901-825",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152086",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0639",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-157669",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6234",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151281",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151332",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151283",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151282",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151592",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"db": "VULHUB",
"id": "VHN-157669"
},
{
"db": "VULMON",
"id": "CVE-2019-6234"
},
{
"db": "BID",
"id": "106691"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"db": "PACKETSTORM",
"id": "151281"
},
{
"db": "PACKETSTORM",
"id": "151332"
},
{
"db": "PACKETSTORM",
"id": "151283"
},
{
"db": "PACKETSTORM",
"id": "151282"
},
{
"db": "PACKETSTORM",
"id": "152086"
},
{
"db": "PACKETSTORM",
"id": "151592"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-825"
},
{
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"id": "VAR-201903-0424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157669"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:18:36.709000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT209443",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209443"
},
{
"title": "HT209447",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209447"
},
{
"title": "HT209449",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209449"
},
{
"title": "HT209450",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209450"
},
{
"title": "HT209451",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209451"
},
{
"title": "HT209447",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht209447"
},
{
"title": "HT209449",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht209449"
},
{
"title": "HT209450",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht209450"
},
{
"title": "HT209451",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht209451"
},
{
"title": "HT209443",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht209443"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://webkit.org/"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://support.apple.com/kb/ht201222"
},
{
"title": "Multiple Apple product WebKit Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88890"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-825"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/106691"
},
{
"trust": 2.7,
"url": "https://security.gentoo.org/glsa/201903-12"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6234"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209443"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209447"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209449"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209450"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209451"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6234"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97670311/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6226"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6212"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6216"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6233"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6215"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6227"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6229"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6217"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190497-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190511-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76318"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76166"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152086/gentoo-linux-security-advisory-201903-12.html"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht209451"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht209443"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht209450"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht209449"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht209447"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/icloud/"
},
{
"trust": 0.3,
"url": "http://www.webkit.org/"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2019/jan/msg00006.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20346"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20505"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20506"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6235"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6221"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6209"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6228"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2019-0001.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://wpewebkit.org/security/wsa-2019-0001.html"
},
{
"trust": 0.1,
"url": "https://wpewebkit.org/security/."
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"db": "VULHUB",
"id": "VHN-157669"
},
{
"db": "VULMON",
"id": "CVE-2019-6234"
},
{
"db": "BID",
"id": "106691"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"db": "PACKETSTORM",
"id": "151281"
},
{
"db": "PACKETSTORM",
"id": "151332"
},
{
"db": "PACKETSTORM",
"id": "151283"
},
{
"db": "PACKETSTORM",
"id": "151282"
},
{
"db": "PACKETSTORM",
"id": "152086"
},
{
"db": "PACKETSTORM",
"id": "151592"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-825"
},
{
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"db": "VULHUB",
"id": "VHN-157669"
},
{
"db": "VULMON",
"id": "CVE-2019-6234"
},
{
"db": "BID",
"id": "106691"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"db": "PACKETSTORM",
"id": "151281"
},
{
"db": "PACKETSTORM",
"id": "151332"
},
{
"db": "PACKETSTORM",
"id": "151283"
},
{
"db": "PACKETSTORM",
"id": "151282"
},
{
"db": "PACKETSTORM",
"id": "152086"
},
{
"db": "PACKETSTORM",
"id": "151592"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-825"
},
{
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-25T00:00:00",
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157669"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6234"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106691"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"date": "2019-01-23T21:27:12",
"db": "PACKETSTORM",
"id": "151281"
},
{
"date": "2019-01-25T14:58:45",
"db": "PACKETSTORM",
"id": "151332"
},
{
"date": "2019-01-23T21:28:00",
"db": "PACKETSTORM",
"id": "151283"
},
{
"date": "2019-01-23T21:27:49",
"db": "PACKETSTORM",
"id": "151282"
},
{
"date": "2019-03-14T16:23:59",
"db": "PACKETSTORM",
"id": "152086"
},
{
"date": "2019-02-11T16:03:48",
"db": "PACKETSTORM",
"id": "151592"
},
{
"date": "2019-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-825"
},
{
"date": "2019-03-05T16:29:03.027000",
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-25T00:00:00",
"db": "ZDI",
"id": "ZDI-19-123"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-157669"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6234"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106691"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002224"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-825"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-6234"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-825"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Memory corruption vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-825"
}
],
"trust": 0.6
}
}