var-202010-1306
Vulnerability from variot
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Graphics Drivers is one of the graphics driver components. A security vulnerability exists in the Graphics Drivers component of Apple macOS Catalina prior to 10.15.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra
macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address the following:
Audio Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Audio Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Clang Available for: macOS Catalina 10.15.5 Impact: Clang may generate machine code that does not correctly enforce pointer authentication codes Description: A logic issue was addressed with improved validation. CVE-2020-9870: Samuel Groß of Google Project Zero
CoreAudio Available for: macOS High Sierra 10.13.6 Impact: A buffer overflow may result in arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light- Year Security Lab
CoreFoundation Available for: macOS Catalina 10.15.5 Impact: A local user may be able to view sensitive user information Description: An issue existed in the handling of environment variables. CVE-2020-9934: an anonymous researcher
Crash Reporter Available for: macOS Catalina 10.15.5 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9799: ABC Research s.r.o.
Heimdal Available for: macOS Catalina 10.15.5 Impact: A local user may be able to leak sensitive user information Description: This issue was addressed with improved data protection. CVE-2020-9913: Cody Thomas of SpecterOps
ImageIO Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9936: Mickey Jin of Trend Micro
Kernel Available for: macOS Catalina 10.15.5 Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
Mail Available for: macOS Catalina 10.15.5 Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service Description: An input validation issue was addressed. CVE-2019-19906
Messages Available for: macOS Catalina 10.15.5 Impact: A user that is removed from an iMessage group could rejoin the group Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)
Model I/O Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9864: Alexander Holodny
Vim Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2019-20807: Guilherme de Almeida Suckevicz
Wi-Fi Available for: macOS Catalina 10.15.5 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)
Additional recognition
USB Audio We would like to acknowledge Andy Davis of NCC Group for their assistance.
Installation note:
macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y 0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ FsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ DZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B aDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd qVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq wJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG SQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+ bsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U eYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y kgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6 ML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM= =GCJp -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.15.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"db": "NVD",
"id": "CVE-2020-9799"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "158457"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1063"
}
],
"trust": 0.7
},
"cve": "CVE-2020-9799",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-9799",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-009671",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-187924",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-9799",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009671",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9799",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009671",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1063",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187924",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-9799",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187924"
},
{
"db": "VULMON",
"id": "CVE-2020-9799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1063"
},
{
"db": "NVD",
"id": "CVE-2020-9799"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Graphics Drivers is one of the graphics driver components. A security vulnerability exists in the Graphics Drivers component of Apple macOS Catalina prior to 10.15.6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update\n2020-004 Mojave, Security Update 2020-004 High Sierra\n\nmacOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security\nUpdate 2020-004 High Sierra are now available and address the\nfollowing:\n\nAudio\nAvailable for: macOS Catalina 10.15.5\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro\nZero Day Initiative\nCVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\n\nAudio\nAvailable for: macOS Catalina 10.15.5\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\nCVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\nCVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\n\nClang\nAvailable for: macOS Catalina 10.15.5\nImpact: Clang may generate machine code that does not correctly\nenforce pointer authentication codes\nDescription: A logic issue was addressed with improved validation. \nCVE-2020-9870: Samuel Gro\u00df of Google Project Zero\n\nCoreAudio\nAvailable for: macOS High Sierra 10.13.6\nImpact: A buffer overflow may result in arbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2020-9866: Yu Zhou of \u5c0f\u9e21\u5e2e and Jundong Xie of Ant-financial Light-\nYear Security Lab\n\nCoreFoundation\nAvailable for: macOS Catalina 10.15.5\nImpact: A local user may be able to view sensitive user information\nDescription: An issue existed in the handling of environment\nvariables. \nCVE-2020-9934: an anonymous researcher\n\nCrash Reporter\nAvailable for: macOS Catalina 10.15.5\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2020-9799: ABC Research s.r.o. \n\nHeimdal\nAvailable for: macOS Catalina 10.15.5\nImpact: A local user may be able to leak sensitive user information\nDescription: This issue was addressed with improved data protection. \nCVE-2020-9913: Cody Thomas of SpecterOps\n\nImageIO\nAvailable for: macOS Catalina 10.15.5\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9936: Mickey Jin of Trend Micro\n\nKernel\nAvailable for: macOS Catalina 10.15.5\nImpact: An attacker in a privileged network position may be able to\ninject into active connections within a VPN tunnel\nDescription: A routing issue was addressed with improved\nrestrictions. \nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. \nCrandall\n\nMail\nAvailable for: macOS Catalina 10.15.5\nImpact: A remote attacker can cause a limited out-of-bounds write,\nresulting in a denial of service\nDescription: An input validation issue was addressed. \nCVE-2019-19906\n\nMessages\nAvailable for: macOS Catalina 10.15.5\nImpact: A user that is removed from an iMessage group could rejoin\nthe group\nDescription: An issue existed in the handling of iMessage tapbacks. \nThe issue was resolved with additional verification. \nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP\nHigh School North (medium.com/@suryanshmansha)\n\nModel I/O\nAvailable for: macOS Catalina 10.15.5\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2020-9864: Alexander Holodny\n\nVim\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2019-20807: Guilherme de Almeida Suckevicz\n\nWi-Fi\nAvailable for: macOS Catalina 10.15.5\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud\n(bugcloud.360.cn)\n\nAdditional recognition\n\nUSB Audio\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nInstallation note:\n\nmacOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security\nUpdate 2020-004 High Sierra may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y\n0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ\nFsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ\nDZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B\naDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd\nqVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq\nwJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG\nSQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+\nbsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U\neYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y\nkgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6\nML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM=\n=GCJp\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"db": "VULHUB",
"id": "VHN-187924"
},
{
"db": "VULMON",
"id": "CVE-2020-9799"
},
{
"db": "PACKETSTORM",
"id": "158457"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9799",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009671",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1063",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158457",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2430",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "50078",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-49315",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187924",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9799",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187924"
},
{
"db": "VULMON",
"id": "CVE-2020-9799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"db": "PACKETSTORM",
"id": "158457"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1063"
},
{
"db": "NVD",
"id": "CVE-2020-9799"
}
]
},
"id": "VAR-202010-1306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187924"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:52:54.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211289",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211289"
},
{
"title": "HT211289",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211289"
},
{
"title": "Apple macOS Catalina Graphics Drivers Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124550"
},
{
"title": "Apple: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa30f53f014f01d7a0510a965599d2a9"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2020/07/16/apple_july_updates/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1063"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187924"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"db": "NVD",
"id": "CVE-2020-9799"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/ht211289"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9799"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9799"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211289"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158457/apple-security-advisory-2020-07-15-2.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211289"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50078"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2430/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9913"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9865"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187924"
},
{
"db": "VULMON",
"id": "CVE-2020-9799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"db": "PACKETSTORM",
"id": "158457"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1063"
},
{
"db": "NVD",
"id": "CVE-2020-9799"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187924"
},
{
"db": "VULMON",
"id": "CVE-2020-9799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"db": "PACKETSTORM",
"id": "158457"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1063"
},
{
"db": "NVD",
"id": "CVE-2020-9799"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-187924"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9799"
},
{
"date": "2020-11-27T03:54:10",
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"date": "2020-07-17T19:23:49",
"db": "PACKETSTORM",
"id": "158457"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1063"
},
{
"date": "2020-10-16T17:15:13.637000",
"db": "NVD",
"id": "CVE-2020-9799"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-187924"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9799"
},
{
"date": "2020-11-27T03:54:10",
"db": "JVNDB",
"id": "JVNDB-2020-009671"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1063"
},
{
"date": "2024-11-21T05:41:18.337000",
"db": "NVD",
"id": "CVE-2020-9799"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1063"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "macOS Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009671"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1063"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.