var-201912-0629
Vulnerability from variot
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Falsification of information * Arbitrary code execution * Service operation interruption (DoS) * Privilege escalation * Authentication bypass. The product supports storage of music, photos, App and contacts, etc. WebKit is one of the web browser engine components. Cross-site scripting vulnerabilities exist in the WebKit components of Apple iTunes versions prior to 12.10.1, iCloud versions prior to 7.14, and versions prior to 10.7 based on the Windows platform. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. This issue is fixed in iOS 13, Safari 13. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. This issue is fixed in Safari 13.0.1, iOS 13. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. A remote attacker may be able to cause arbitrary code execution. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3902).
Bug Fix(es): * NVD feed fixed in Clair-v2 (clair-jwt image)
- Solution:
Download the release images via:
quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3
- Bugs fixed (https://bugzilla.redhat.com/):
1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display
- JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version
For the stable distribution (buster), these problems have been fixed in version 2.26.1-3~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
Bug Fix(es):
-
Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
-
The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251)
-
The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634)
-
[OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414)
-
The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991)
-
Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081)
-
[OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122)
-
Bugs fixed (https://bugzilla.redhat.com/):
1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1
iTunes for Windows 12.10.1 is now available and addresses the following:
UIFoundation Available for: Windows 7 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative CVE-2019-8720: Wen Xu of SSLab at Georgia Tech CVE-2019-8726: Jihui Lu of Tencent KeenLab CVE-2019-8733: Sergei Glazunov of Google Project Zero CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8763: Sergei Glazunov of Google Project Zero
Additional recognition
Software Update We would like to acknowledge Michael Gorelik (@smgoreli) of Morphisec (morphisec.com) for their assistance.
WebKit We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and Zhihua Yao of DBAPPSecurity Zion Lab for their assistance.
Installation note:
iTunes for Windows 12.10.1 may be obtained from: https://www.apple.com/itunes/download/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2biHQpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M2l2w/8 CFBwglpJCrfPpY9BoPkHRgMEWB+9hPfa3PQ5R4+OhXkT19UKFDwkhCFqgDgPS98o e7QVX9224AIdVDK3ZiViq7O4ToFiJDOYUEu9xdMAqH3qhY7lvBbaUijs3fH6DNFQ KhiNHhhbZyMc73p9wd03ykASA0VFwLXg0YS0SdQNlKCqKe988+87t02NlvDuVlQB VR47deoDbeYg51HmUU2a3sD5l/IVHWan9Vzya+rCUpdUpOHTI2kow0B2+AQbZT0C FUx0qBze8i6WE8An3E/rEJ2gz2wLpyGXDwQfNyZ/4cmyV7U6PjiYf9JIWE3T2nOm FHZUEYvYejNqaFe0tIulsq4IqEE8f3vszKPkRkYsuFYASN/3EYVSlqoHEEpw58bm 8JvRDloxlJwIgA6hRaDalzDDRJaDOR2oWL4L0vhi+JEO57cKZb6KciUEsOX4xb7Z 6BxCVAFzz2NFn8qnVx8QHP+L5DMFioJTkyhx+hxjYpKSpygrXob1BZnwnqlP1aS0 9tjZhQx4+/lULGoh88ICJWDQDwQmyTxgWGuYj5VZ1HYjSuBzlZ7/+CZiD6dM37jS CYSFG7xRV3bb+mHQaBmEa8pKUkpjbU8hVOcipT5kEPb2MLlakNrjtxo/VYA4aPKI n1x9sk0QBlyxN1hI/ayKHV0JsnnXFJHArIiBTcLm/lc= =kwOT -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.0 extras and security update Advisory ID: RHSA-2020:5635-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5635 Issue date: 2021-02-24 CVE Names: CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-8492 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14040 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15999 CVE-2020-24659 CVE-2020-24750 CVE-2020-25211 CVE-2020-25658 CVE-2021-3121 ==================================================================== 1. Summary:
Red Hat OpenShift Container Platform release 4.7.0 is now available with updates to packages and images that fix several bugs and add enhancements.
This release also includes a security update for Red Hat OpenShift Container Platform 4.7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHEA-2020:5633
All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.
- Bugs fixed (https://bugzilla.redhat.com/):
1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state
- References:
https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYDZx29zjgjWX9erEAQiEgw/8DBuxuo7e4Ww4JhGygUbWXrPRpqJ7EJGr drhHbl+7uxzEcIIPBh3yN41AHKAJDfdCrGglmGdqrtDjrO94T+yVOucl0wwFPOoY 0zSdNBgpQlgRIzbmtpsDFv3N09kP6rWiUMbCGWiGTPKTSzYKP1T7ugA2WeK5pwXR QeEbmp4Ewbur3KOgdcj75++PgJ8OIQhZcN+u5q/6ThcKmXOUSflVp1U6V8X5vm6i vyV91W2uQcbE3ttBp2n2utrDi1c2C6dQL8AcnApetB/Kz7tHxviW+ZV9hzOhQEtd w4rMKx4HTntvWnvrETVTxYI4Zq+Zs4CAGVfemika/GzhM9z+BTsmeoNXEWVDcp3X g+4ItofTYQON4WhPBzaPdCLFNbBIOxZpqFbVblVouwCw5e+QKOx0PJPtLk5XlePt ofKaoxgu9OYonOafKvTncZu4gBL4vNHrggnDBB8TKxgojh6lELImxAndjuD8hmca 2WWhFDqANz4ib4ldVfPvLm6uwaXpqCNgYNYWMtzWTSYtr/K3emmKWDzfRn2UXFEB aFeds0m0Z7DBMnlq2wEecaZMYW1r10AZs/MAlpTkeiRu7EGOlepiw5HKFBZFhkUB vAHKSnP4VTZRNTG5xa5b4abWcYYAJo3dvvsLGTwy4aBM4j/zR01mDbXYE3+APfHS uytAlyUdH6c=Ibze -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-22
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 15, 2020 Bugs: #699156, #706374, #709612 ID: 202003-22
Synopsis
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.26.4 >= 2.26.4
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4"
References
[ 1 ] CVE-2019-8625 https://nvd.nist.gov/vuln/detail/CVE-2019-8625 [ 2 ] CVE-2019-8674 https://nvd.nist.gov/vuln/detail/CVE-2019-8674 [ 3 ] CVE-2019-8707 https://nvd.nist.gov/vuln/detail/CVE-2019-8707 [ 4 ] CVE-2019-8710 https://nvd.nist.gov/vuln/detail/CVE-2019-8710 [ 5 ] CVE-2019-8719 https://nvd.nist.gov/vuln/detail/CVE-2019-8719 [ 6 ] CVE-2019-8720 https://nvd.nist.gov/vuln/detail/CVE-2019-8720 [ 7 ] CVE-2019-8726 https://nvd.nist.gov/vuln/detail/CVE-2019-8726 [ 8 ] CVE-2019-8733 https://nvd.nist.gov/vuln/detail/CVE-2019-8733 [ 9 ] CVE-2019-8735 https://nvd.nist.gov/vuln/detail/CVE-2019-8735 [ 10 ] CVE-2019-8743 https://nvd.nist.gov/vuln/detail/CVE-2019-8743 [ 11 ] CVE-2019-8763 https://nvd.nist.gov/vuln/detail/CVE-2019-8763 [ 12 ] CVE-2019-8764 https://nvd.nist.gov/vuln/detail/CVE-2019-8764 [ 13 ] CVE-2019-8765 https://nvd.nist.gov/vuln/detail/CVE-2019-8765 [ 14 ] CVE-2019-8766 https://nvd.nist.gov/vuln/detail/CVE-2019-8766 [ 15 ] CVE-2019-8768 https://nvd.nist.gov/vuln/detail/CVE-2019-8768 [ 16 ] CVE-2019-8769 https://nvd.nist.gov/vuln/detail/CVE-2019-8769 [ 17 ] CVE-2019-8771 https://nvd.nist.gov/vuln/detail/CVE-2019-8771 [ 18 ] CVE-2019-8782 https://nvd.nist.gov/vuln/detail/CVE-2019-8782 [ 19 ] CVE-2019-8783 https://nvd.nist.gov/vuln/detail/CVE-2019-8783 [ 20 ] CVE-2019-8808 https://nvd.nist.gov/vuln/detail/CVE-2019-8808 [ 21 ] CVE-2019-8811 https://nvd.nist.gov/vuln/detail/CVE-2019-8811 [ 22 ] CVE-2019-8812 https://nvd.nist.gov/vuln/detail/CVE-2019-8812 [ 23 ] CVE-2019-8813 https://nvd.nist.gov/vuln/detail/CVE-2019-8813 [ 24 ] CVE-2019-8814 https://nvd.nist.gov/vuln/detail/CVE-2019-8814 [ 25 ] CVE-2019-8815 https://nvd.nist.gov/vuln/detail/CVE-2019-8815 [ 26 ] CVE-2019-8816 https://nvd.nist.gov/vuln/detail/CVE-2019-8816 [ 27 ] CVE-2019-8819 https://nvd.nist.gov/vuln/detail/CVE-2019-8819 [ 28 ] CVE-2019-8820 https://nvd.nist.gov/vuln/detail/CVE-2019-8820 [ 29 ] CVE-2019-8821 https://nvd.nist.gov/vuln/detail/CVE-2019-8821 [ 30 ] CVE-2019-8822 https://nvd.nist.gov/vuln/detail/CVE-2019-8822 [ 31 ] CVE-2019-8823 https://nvd.nist.gov/vuln/detail/CVE-2019-8823 [ 32 ] CVE-2019-8835 https://nvd.nist.gov/vuln/detail/CVE-2019-8835 [ 33 ] CVE-2019-8844 https://nvd.nist.gov/vuln/detail/CVE-2019-8844 [ 34 ] CVE-2019-8846 https://nvd.nist.gov/vuln/detail/CVE-2019-8846 [ 35 ] CVE-2020-3862 https://nvd.nist.gov/vuln/detail/CVE-2020-3862 [ 36 ] CVE-2020-3864 https://nvd.nist.gov/vuln/detail/CVE-2020-3864 [ 37 ] CVE-2020-3865 https://nvd.nist.gov/vuln/detail/CVE-2020-3865 [ 38 ] CVE-2020-3867 https://nvd.nist.gov/vuln/detail/CVE-2020-3867 [ 39 ] CVE-2020-3868 https://nvd.nist.gov/vuln/detail/CVE-2020-3868
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-22
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0629",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.7"
},
{
"model": "icloud",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0"
},
{
"model": "webkitgtk\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.26.4"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.14"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.10.1"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 10.9 earlier"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.16 (includes aas 8.2) earlier"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.4.4 earlier"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.3 earlier"
},
{
"model": "ipados",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.3 earlier"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.10.3 for windows earlier"
},
{
"model": "macos catalina",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.15.2 earlier"
},
{
"model": "macos high sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.13.6 (security update 2019-007 not applied )"
},
{
"model": "macos mojave",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.14.6 (security update 2019-002 not applied )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.0.4 earlier"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.3 earlier"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.3.4 earlier"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1.1 earlier"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.3 earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012754"
},
{
"db": "NVD",
"id": "CVE-2019-8625"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:ipados",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_catalina",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_high_sierra",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_mojave",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:xcode",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012754"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "161536"
}
],
"trust": 0.3
},
"cve": "CVE-2019-8625",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-8625",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-160060",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-8625",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-8625",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160060",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-8625",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160060"
},
{
"db": "VULMON",
"id": "CVE-2019-8625"
},
{
"db": "NVD",
"id": "CVE-2019-8625"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Falsification of information * Arbitrary code execution * Service operation interruption (DoS) * Privilege escalation * Authentication bypass. The product supports storage of music, photos, App and contacts, etc. WebKit is one of the web browser engine components. Cross-site scripting vulnerabilities exist in the WebKit components of Apple iTunes versions prior to 12.10.1, iCloud versions prior to 7.14, and versions prior to 10.7 based on the Windows platform. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)\nWebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. This issue is fixed in iOS 13, Safari 13. (CVE-2019-8719)\nThis fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766)\n\"Clear History and Website Data\" did not clear the history. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)\nAn issue existed in the drawing of web page elements. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. This issue is fixed in Safari 13.0.1, iOS 13. (CVE-2019-8846)\nWebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)\nA use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)\nA race condition was addressed with additional validation. An application may be able to read restricted memory. A remote attacker may be able to cause arbitrary code execution. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3902). \n\nBug Fix(es):\n* NVD feed fixed in Clair-v2 (clair-jwt image)\n\n3. Solution:\n\nDownload the release images via:\n\nquay.io/redhat/quay:v3.3.3\nquay.io/redhat/clair-jwt:v3.3.3\nquay.io/redhat/quay-builder:v3.3.3\nquay.io/redhat/clair:v3.3.3\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1905758 - CVE-2020-27831 quay: email notifications authorization bypass\n1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1124 - NVD feed is broken for latest Clair v2 version\n\n6. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.26.1-3~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages. \n\nBug Fix(es):\n\n* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)\n\n* The compliancesuite object returns error with ocp4-cis tailored profile\n(BZ#1902251)\n\n* The compliancesuite does not trigger when there are multiple rhcos4\nprofiles added in scansettingbinding object (BZ#1902634)\n\n* [OCP v46] Not all remediations get applied through machineConfig although\nthe status of all rules shows Applied in ComplianceRemediations object\n(BZ#1907414)\n\n* The profile parser pod deployment and associated profiles should get\nremoved after upgrade the compliance operator (BZ#1908991)\n\n* Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error\n\"something else exists at that path\" (BZ#1909081)\n\n* [OCP v46] Always update the default profilebundles on Compliance operator\nstartup (BZ#1909122)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1899479 - Aggregator pod tries to parse ConfigMaps without results\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902251 - The compliancesuite object returns error with ocp4-cis tailored profile\n1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object\n1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object\n1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator\n1909081 - Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error \"something else exists at that path\"\n1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1\n\niTunes for Windows 12.10.1 is now available and addresses the\nfollowing:\n\nUIFoundation\nAvailable for: Windows 7 and later\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8707: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative, cc working with Trend Micro Zero Day Initiative\nCVE-2019-8720: Wen Xu of SSLab at Georgia Tech\nCVE-2019-8726: Jihui Lu of Tencent KeenLab\nCVE-2019-8733: Sergei Glazunov of Google Project Zero\nCVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8763: Sergei Glazunov of Google Project Zero\n\nAdditional recognition\n\nSoftware Update\nWe would like to acknowledge Michael Gorelik (@smgoreli) of Morphisec\n(morphisec.com) for their assistance. \n\nWebKit\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and\nZhihua Yao of DBAPPSecurity Zion Lab for their assistance. \n\nInstallation note:\n\niTunes for Windows 12.10.1 may be obtained from:\nhttps://www.apple.com/itunes/download/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2biHQpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M2l2w/8\nCFBwglpJCrfPpY9BoPkHRgMEWB+9hPfa3PQ5R4+OhXkT19UKFDwkhCFqgDgPS98o\ne7QVX9224AIdVDK3ZiViq7O4ToFiJDOYUEu9xdMAqH3qhY7lvBbaUijs3fH6DNFQ\nKhiNHhhbZyMc73p9wd03ykASA0VFwLXg0YS0SdQNlKCqKe988+87t02NlvDuVlQB\nVR47deoDbeYg51HmUU2a3sD5l/IVHWan9Vzya+rCUpdUpOHTI2kow0B2+AQbZT0C\nFUx0qBze8i6WE8An3E/rEJ2gz2wLpyGXDwQfNyZ/4cmyV7U6PjiYf9JIWE3T2nOm\nFHZUEYvYejNqaFe0tIulsq4IqEE8f3vszKPkRkYsuFYASN/3EYVSlqoHEEpw58bm\n8JvRDloxlJwIgA6hRaDalzDDRJaDOR2oWL4L0vhi+JEO57cKZb6KciUEsOX4xb7Z\n6BxCVAFzz2NFn8qnVx8QHP+L5DMFioJTkyhx+hxjYpKSpygrXob1BZnwnqlP1aS0\n9tjZhQx4+/lULGoh88ICJWDQDwQmyTxgWGuYj5VZ1HYjSuBzlZ7/+CZiD6dM37jS\nCYSFG7xRV3bb+mHQaBmEa8pKUkpjbU8hVOcipT5kEPb2MLlakNrjtxo/VYA4aPKI\nn1x9sk0QBlyxN1hI/ayKHV0JsnnXFJHArIiBTcLm/lc=\n=kwOT\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.7.0 extras and security update\nAdvisory ID: RHSA-2020:5635-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5635\nIssue date: 2021-02-24\nCVE Names: CVE-2018-20843 CVE-2019-3884 CVE-2019-5018\n CVE-2019-8625 CVE-2019-8710 CVE-2019-8720\n CVE-2019-8743 CVE-2019-8764 CVE-2019-8766\n CVE-2019-8769 CVE-2019-8771 CVE-2019-8782\n CVE-2019-8783 CVE-2019-8808 CVE-2019-8811\n CVE-2019-8812 CVE-2019-8813 CVE-2019-8814\n CVE-2019-8815 CVE-2019-8816 CVE-2019-8819\n CVE-2019-8820 CVE-2019-8823 CVE-2019-8835\n CVE-2019-8844 CVE-2019-8846 CVE-2019-13050\n CVE-2019-13225 CVE-2019-13627 CVE-2019-14889\n CVE-2019-15165 CVE-2019-15903 CVE-2019-16168\n CVE-2019-16935 CVE-2019-17450 CVE-2019-17546\n CVE-2019-19221 CVE-2019-19906 CVE-2019-19956\n CVE-2019-20218 CVE-2019-20387 CVE-2019-20388\n CVE-2019-20454 CVE-2019-20807 CVE-2019-20907\n CVE-2019-20916 CVE-2020-1730 CVE-2020-1751\n CVE-2020-1752 CVE-2020-1971 CVE-2020-3862\n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867\n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894\n CVE-2020-3895 CVE-2020-3897 CVE-2020-3898\n CVE-2020-3899 CVE-2020-3900 CVE-2020-3901\n CVE-2020-3902 CVE-2020-6405 CVE-2020-7595\n CVE-2020-8492 CVE-2020-8566 CVE-2020-8619\n CVE-2020-8622 CVE-2020-8623 CVE-2020-8624\n CVE-2020-9327 CVE-2020-9802 CVE-2020-9803\n CVE-2020-9805 CVE-2020-9806 CVE-2020-9807\n CVE-2020-9843 CVE-2020-9850 CVE-2020-9862\n CVE-2020-9893 CVE-2020-9894 CVE-2020-9895\n CVE-2020-9915 CVE-2020-9925 CVE-2020-10018\n CVE-2020-10029 CVE-2020-11793 CVE-2020-13630\n CVE-2020-13631 CVE-2020-13632 CVE-2020-14040\n CVE-2020-14382 CVE-2020-14391 CVE-2020-14422\n CVE-2020-15157 CVE-2020-15503 CVE-2020-15999\n CVE-2020-24659 CVE-2020-24750 CVE-2020-25211\n CVE-2020-25658 CVE-2021-3121\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release also includes a security update for Red Hat OpenShift\nContainer Platform 4.7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823765 - nfd-workers crash under an ipv6 environment\n1838802 - mysql8 connector from operatorhub does not work with metering operator\n1838845 - Metering operator can\u0027t connect to postgres DB from Operator Hub\n1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1868294 - NFD operator does not allow customisation of nfd-worker.conf\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1890672 - NFD is missing a build flag to build correctly\n1890741 - path to the CA trust bundle ConfigMap is broken in report operator\n1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster\n1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel\n1900125 - FIPS error while generating RSA private key for CA\n1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub\n1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub\n1913837 - The CI and ART 4.7 metering images are not mirrored\n1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le\n1916010 - olm skip range is set to the wrong range\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923998 - NFD Operator is failing to update and remains in Replacing state\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZx29zjgjWX9erEAQiEgw/8DBuxuo7e4Ww4JhGygUbWXrPRpqJ7EJGr\ndrhHbl+7uxzEcIIPBh3yN41AHKAJDfdCrGglmGdqrtDjrO94T+yVOucl0wwFPOoY\n0zSdNBgpQlgRIzbmtpsDFv3N09kP6rWiUMbCGWiGTPKTSzYKP1T7ugA2WeK5pwXR\nQeEbmp4Ewbur3KOgdcj75++PgJ8OIQhZcN+u5q/6ThcKmXOUSflVp1U6V8X5vm6i\nvyV91W2uQcbE3ttBp2n2utrDi1c2C6dQL8AcnApetB/Kz7tHxviW+ZV9hzOhQEtd\nw4rMKx4HTntvWnvrETVTxYI4Zq+Zs4CAGVfemika/GzhM9z+BTsmeoNXEWVDcp3X\ng+4ItofTYQON4WhPBzaPdCLFNbBIOxZpqFbVblVouwCw5e+QKOx0PJPtLk5XlePt\nofKaoxgu9OYonOafKvTncZu4gBL4vNHrggnDBB8TKxgojh6lELImxAndjuD8hmca\n2WWhFDqANz4ib4ldVfPvLm6uwaXpqCNgYNYWMtzWTSYtr/K3emmKWDzfRn2UXFEB\naFeds0m0Z7DBMnlq2wEecaZMYW1r10AZs/MAlpTkeiRu7EGOlepiw5HKFBZFhkUB\nvAHKSnP4VTZRNTG5xa5b4abWcYYAJo3dvvsLGTwy4aBM4j/zR01mDbXYE3+APfHS\nuytAlyUdH6c=Ibze\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: March 15, 2020\n Bugs: #699156, #706374, #709612\n ID: 202003-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich may lead to arbitrary code execution. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.26.4 \u003e= 2.26.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.26.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-8625\n https://nvd.nist.gov/vuln/detail/CVE-2019-8625\n[ 2 ] CVE-2019-8674\n https://nvd.nist.gov/vuln/detail/CVE-2019-8674\n[ 3 ] CVE-2019-8707\n https://nvd.nist.gov/vuln/detail/CVE-2019-8707\n[ 4 ] CVE-2019-8710\n https://nvd.nist.gov/vuln/detail/CVE-2019-8710\n[ 5 ] CVE-2019-8719\n https://nvd.nist.gov/vuln/detail/CVE-2019-8719\n[ 6 ] CVE-2019-8720\n https://nvd.nist.gov/vuln/detail/CVE-2019-8720\n[ 7 ] CVE-2019-8726\n https://nvd.nist.gov/vuln/detail/CVE-2019-8726\n[ 8 ] CVE-2019-8733\n https://nvd.nist.gov/vuln/detail/CVE-2019-8733\n[ 9 ] CVE-2019-8735\n https://nvd.nist.gov/vuln/detail/CVE-2019-8735\n[ 10 ] CVE-2019-8743\n https://nvd.nist.gov/vuln/detail/CVE-2019-8743\n[ 11 ] CVE-2019-8763\n https://nvd.nist.gov/vuln/detail/CVE-2019-8763\n[ 12 ] CVE-2019-8764\n https://nvd.nist.gov/vuln/detail/CVE-2019-8764\n[ 13 ] CVE-2019-8765\n https://nvd.nist.gov/vuln/detail/CVE-2019-8765\n[ 14 ] CVE-2019-8766\n https://nvd.nist.gov/vuln/detail/CVE-2019-8766\n[ 15 ] CVE-2019-8768\n https://nvd.nist.gov/vuln/detail/CVE-2019-8768\n[ 16 ] CVE-2019-8769\n https://nvd.nist.gov/vuln/detail/CVE-2019-8769\n[ 17 ] CVE-2019-8771\n https://nvd.nist.gov/vuln/detail/CVE-2019-8771\n[ 18 ] CVE-2019-8782\n https://nvd.nist.gov/vuln/detail/CVE-2019-8782\n[ 19 ] CVE-2019-8783\n https://nvd.nist.gov/vuln/detail/CVE-2019-8783\n[ 20 ] CVE-2019-8808\n https://nvd.nist.gov/vuln/detail/CVE-2019-8808\n[ 21 ] CVE-2019-8811\n https://nvd.nist.gov/vuln/detail/CVE-2019-8811\n[ 22 ] CVE-2019-8812\n https://nvd.nist.gov/vuln/detail/CVE-2019-8812\n[ 23 ] CVE-2019-8813\n https://nvd.nist.gov/vuln/detail/CVE-2019-8813\n[ 24 ] CVE-2019-8814\n https://nvd.nist.gov/vuln/detail/CVE-2019-8814\n[ 25 ] CVE-2019-8815\n https://nvd.nist.gov/vuln/detail/CVE-2019-8815\n[ 26 ] CVE-2019-8816\n https://nvd.nist.gov/vuln/detail/CVE-2019-8816\n[ 27 ] CVE-2019-8819\n https://nvd.nist.gov/vuln/detail/CVE-2019-8819\n[ 28 ] CVE-2019-8820\n https://nvd.nist.gov/vuln/detail/CVE-2019-8820\n[ 29 ] CVE-2019-8821\n https://nvd.nist.gov/vuln/detail/CVE-2019-8821\n[ 30 ] CVE-2019-8822\n https://nvd.nist.gov/vuln/detail/CVE-2019-8822\n[ 31 ] CVE-2019-8823\n https://nvd.nist.gov/vuln/detail/CVE-2019-8823\n[ 32 ] CVE-2019-8835\n https://nvd.nist.gov/vuln/detail/CVE-2019-8835\n[ 33 ] CVE-2019-8844\n https://nvd.nist.gov/vuln/detail/CVE-2019-8844\n[ 34 ] CVE-2019-8846\n https://nvd.nist.gov/vuln/detail/CVE-2019-8846\n[ 35 ] CVE-2020-3862\n https://nvd.nist.gov/vuln/detail/CVE-2020-3862\n[ 36 ] CVE-2020-3864\n https://nvd.nist.gov/vuln/detail/CVE-2020-3864\n[ 37 ] CVE-2020-3865\n https://nvd.nist.gov/vuln/detail/CVE-2020-3865\n[ 38 ] CVE-2020-3867\n https://nvd.nist.gov/vuln/detail/CVE-2020-3867\n[ 39 ] CVE-2020-3868\n https://nvd.nist.gov/vuln/detail/CVE-2020-3868\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012754"
},
{
"db": "VULHUB",
"id": "VHN-160060"
},
{
"db": "VULMON",
"id": "CVE-2019-8625"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "155096"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "154771"
},
{
"db": "PACKETSTORM",
"id": "154769"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "156742"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-160060",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160060"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8625",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVNVU99404393",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012754",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156742",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161016",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161536",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154769",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154771",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160889",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "155096",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161429",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155062",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154780",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159816",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155057",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168011",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155061",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201910-335",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160060",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-8625",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160060"
},
{
"db": "VULMON",
"id": "CVE-2019-8625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012754"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "155096"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "154771"
},
{
"db": "PACKETSTORM",
"id": "154769"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "156742"
},
{
"db": "NVD",
"id": "CVE-2019-8625"
}
]
},
"id": "VAR-201912-0629",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160060"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:08:43.620000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the security content of Safari 13.0.4",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210792"
},
{
"title": "About the security content of Xcode 11.3",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210796"
},
{
"title": "Mac \u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b macOS \u3092\u8abf\u3079\u308b",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT201260"
},
{
"title": "About the security content of iOS 13.3 and iPadOS 13.3",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210785"
},
{
"title": "About the security content of iCloud for Windows 10.9",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210794"
},
{
"title": "About the security content of iOS 12.4.4",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210787"
},
{
"title": "About the security content of iCloud for Windows 7.16 (includes AAS 8.2)",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210795"
},
{
"title": "About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210788"
},
{
"title": "About the security content of iTunes 12.10.3 for Windows",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210793"
},
{
"title": "About the security content of watchOS 6.1.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210789"
},
{
"title": "About the security content of tvOS 13.3",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210790"
},
{
"title": "About the security content of watchOS 5.3.4",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210791"
},
{
"title": "Ubuntu Security Notice: webkit2gtk vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4178-1"
},
{
"title": "Debian Security Advisories: DSA-4558-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a98a6bdc1e45372a45a166582a9eb9bc"
},
{
"title": "Red Hat: Moderate: GNOME security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204451 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210050 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210190 - Security Advisory"
},
{
"title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225924 - Security Advisory"
},
{
"title": "Red Hat: Moderate: webkitgtk4 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204035 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210436 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205605 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1563",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1563"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-8625 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/apple-tackles-a-dozen-bugs-in-catalina/148988/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-8625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012754"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160060"
},
{
"db": "NVD",
"id": "CVE-2019-8625"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/202003-22"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht210635"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht210636"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht210637"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8719"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8726"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8763"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8733"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8707"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8745"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8768"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8701"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8745"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8770"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8705"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8748"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8772"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8707"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8755"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8781"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8717"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8757"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8719"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8758"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8726"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8763"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8730"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8768"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8625"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8733"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8769"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99404393/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8758"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8730"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8701"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8770"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8748"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8772"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8755"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8781"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8717"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8757"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8735"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4178-1/"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2020-1563.html"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27832"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhea-2020:5633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15157"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8765"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8816"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160060"
},
{
"db": "VULMON",
"id": "CVE-2019-8625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012754"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "155096"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "154771"
},
{
"db": "PACKETSTORM",
"id": "154769"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "156742"
},
{
"db": "NVD",
"id": "CVE-2019-8625"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160060"
},
{
"db": "VULMON",
"id": "CVE-2019-8625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012754"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "155096"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "154771"
},
{
"db": "PACKETSTORM",
"id": "154769"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "156742"
},
{
"db": "NVD",
"id": "CVE-2019-8625"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160060"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8625"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012754"
},
{
"date": "2021-01-11T16:29:48",
"db": "PACKETSTORM",
"id": "160889"
},
{
"date": "2019-11-05T15:12:41",
"db": "PACKETSTORM",
"id": "155096"
},
{
"date": "2021-01-19T14:45:45",
"db": "PACKETSTORM",
"id": "161016"
},
{
"date": "2019-10-08T20:00:56",
"db": "PACKETSTORM",
"id": "154771"
},
{
"date": "2019-10-08T19:59:44",
"db": "PACKETSTORM",
"id": "154769"
},
{
"date": "2021-02-25T15:26:54",
"db": "PACKETSTORM",
"id": "161536"
},
{
"date": "2020-03-15T14:00:23",
"db": "PACKETSTORM",
"id": "156742"
},
{
"date": "2019-12-18T18:15:30.163000",
"db": "NVD",
"id": "CVE-2019-8625"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-160060"
},
{
"date": "2022-10-14T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8625"
},
{
"date": "2020-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012754"
},
{
"date": "2024-11-21T04:50:11.663000",
"db": "NVD",
"id": "CVE-2019-8625"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Updates to product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution, xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "154771"
},
{
"db": "PACKETSTORM",
"id": "154769"
}
],
"trust": 0.2
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.