var-202010-1323
Vulnerability from variot
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges. mac OS Is vulnerable to the use of freed memory due to poor memory management.Elevated privileges may be obtained through the application. Apple macOS Catalina is a set of dedicated operating systems developed for Mac computers by Apple Inc. There is a resource management error vulnerability in the IOTThunderboltFamily component in Apple macOS Catalina versions prior to 10.15.4. CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team
AppleGraphicsControl Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity Available for: macOS Catalina 10.15.3 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3907: Yu Wang of Didi Research America CVE-2020-3908: Yu Wang of Didi Research America CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-3892: Yu Wang of Didi Research America CVE-2020-3893: Yu Wang of Didi Research America CVE-2020-3905: Yu Wang of Didi Research America
Call History Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to access a user's call history Description: This issue was addressed with a new entitlement. CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to elevate privileges Description: A permissions issue existed. CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime Available for: macOS Catalina 10.15.3 Impact: A local user may be able to view sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion - Israel Institute of Technology
Icons Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver Available for: macOS Catalina 10.15.3 Impact: A malicious application may disclose restricted memory Description: An information disclosure issue was addressed with improved state management. CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina
IOHIDFamily Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3910: LGTM.com
Mail Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3 Impact: A remote attacker may be able to cause arbitrary javascript code execution Description: An injection issue was addressed with improved validation. CVE-2020-3884: Apple
sudo Available for: macOS Catalina 10.15.3 Impact: An attacker may be able to run commands as a non-existent user Description: This issue was addressed by updating to sudo version 1.8.31. CVE-2019-19232
TCC Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A maliciously crafted application may be able to bypass code signing enforcement Description: A logic issue was addressed with improved restrictions. CVE-2020-3906: Patrick Wardle of Jamf
Vim Available for: macOS Catalina 10.15.3 Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating to version 8.1.1850. CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText We would like to acknowledge an anonymous researcher for their assistance.
FireWire Audio We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington for their assistance.
FontParser We would like to acknowledge Matthew Denton of Google Chrome for their assistance.
Install Framework Legacy We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch of UAL Creative Computing Institute, and an anonymous researcher for their assistance.
LinkPresentation We would like to acknowledge Travis for their assistance.
OpenSSH We would like to acknowledge an anonymous researcher for their assistance.
rapportd We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt for their assistance.
Sidecar We would like to acknowledge Rick Backley (@rback_sec) for their assistance
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1323",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.4"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.2"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.3"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "10.15.2"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "10.14.6"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "10.13.6"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"db": "NVD",
"id": "CVE-2020-3851"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple,Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3851",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-3851",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-181976",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-3851",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-3851",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3851",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-3851",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1529",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181976",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3851",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181976"
},
{
"db": "VULMON",
"id": "CVE-2020-3851"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
},
{
"db": "NVD",
"id": "CVE-2020-3851"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges. mac OS Is vulnerable to the use of freed memory due to poor memory management.Elevated privileges may be obtained through the application. Apple macOS Catalina is a set of dedicated operating systems developed for Mac computers by Apple Inc. \nThere is a resource management error vulnerability in the IOTThunderboltFamily component in Apple macOS Catalina versions prior to 10.15.4. \nCVE-2020-3903: Proteas of Qihoo 360 Nirvan Team\n\nAppleGraphicsControl\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple memory corruption issues were addressed with\nimproved state management. \nCVE-2020-3904: Proteas of Qihoo 360 Nirvan Team\n\nAppleMobileFileIntegrity\nAvailable for: macOS Catalina 10.15.3\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-3883: Linus Henze (pinauten.de)\n\nBluetooth\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.3\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3907: Yu Wang of Didi Research America\nCVE-2020-3908: Yu Wang of Didi Research America\nCVE-2020-3912: Yu Wang of Didi Research America\n\nBluetooth\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab\n\nBluetooth\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-3892: Yu Wang of Didi Research America\nCVE-2020-3893: Yu Wang of Didi Research America\nCVE-2020-3905: Yu Wang of Didi Research America\n\nCall History\nAvailable for: macOS Catalina 10.15.3\nImpact: A malicious application may be able to access a user\u0027s call\nhistory\nDescription: This issue was addressed with a new entitlement. \nCVE-2020-9776: Benjamin Randazzo (@____benjamin)\n\nCoreFoundation\nAvailable for: macOS Catalina 10.15.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A permissions issue existed. \nCVE-2020-3913: Timo Christ of Avira Operations GmbH \u0026 Co. KG\n\nFaceTime\nAvailable for: macOS Catalina 10.15.3\nImpact: A local user may be able to view sensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -\nIsrael Institute of Technology\n\nIcons\nAvailable for: macOS Catalina 10.15.3\nImpact: A malicious application may be able to identify what other\napplications a user has installed\nDescription: The issue was addressed with improved handling of icon\ncaches. \nCVE-2020-9773: Chilik Tamir of Zimperium zLabs\n\nIntel Graphics Driver\nAvailable for: macOS Catalina 10.15.3\nImpact: A malicious application may disclose restricted memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2019-14615: Wenjian HE of Hong Kong University of Science and\nTechnology, Wei Zhang of Hong Kong University of Science and\nTechnology, Sharad Sinha of Indian Institute of Technology Goa, and\nSanjeev Das of University of North Carolina\n\nIOHIDFamily\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and\nLuyi Xing of Indiana University Bloomington\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.3\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3914: pattern-f (@pattern_F_) of WaCai\n\nKernel\nAvailable for: macOS Catalina 10.15.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple memory corruption issues were addressed with\nimproved state management. \nCVE-2020-9785: Proteas of Qihoo 360 Nirvan Team\n\nlibxml2\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.3\nImpact: Multiple issues in libxml2\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2020-3910: LGTM.com\n\nMail\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3\nImpact: A remote attacker may be able to cause arbitrary javascript\ncode execution\nDescription: An injection issue was addressed with improved\nvalidation. \nCVE-2020-3884: Apple\n\nsudo\nAvailable for: macOS Catalina 10.15.3\nImpact: An attacker may be able to run commands as a non-existent\nuser\nDescription: This issue was addressed by updating to sudo version\n1.8.31. \nCVE-2019-19232\n\nTCC\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.3\nImpact: A maliciously crafted application may be able to bypass code\nsigning enforcement\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-3906: Patrick Wardle of Jamf\n\nVim\nAvailable for: macOS Catalina 10.15.3\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating to version\n8.1.1850. \nCVE-2020-9769: Steve Hahn from LinkedIn\n\nAdditional recognition\n\nCoreText\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFireWire Audio\nWe would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of\nAlibaba Inc. and Luyi Xing of Indiana University Bloomington for\ntheir assistance. \n\nFontParser\nWe would like to acknowledge Matthew Denton of Google Chrome for\ntheir assistance. \n\nInstall Framework Legacy\nWe would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch\nof UAL Creative Computing Institute, and an anonymous researcher for\ntheir assistance. \n\nLinkPresentation\nWe would like to acknowledge Travis for their assistance. \n\nOpenSSH\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nrapportd\nWe would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of\nTechnische Universit\u00e4t Darmstadt for their assistance. \n\nSidecar\nWe would like to acknowledge Rick Backley (@rback_sec) for their\nassistance",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3851"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
},
{
"db": "VULHUB",
"id": "VHN-181976"
},
{
"db": "VULMON",
"id": "CVE-2020-3851"
},
{
"db": "PACKETSTORM",
"id": "156894"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3851",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVNVU96545608",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95678717",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012776",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1529",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156894",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1042",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181976",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3851",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181976"
},
{
"db": "VULMON",
"id": "CVE-2020-3851"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"db": "PACKETSTORM",
"id": "156894"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
},
{
"db": "NVD",
"id": "CVE-2020-3851"
}
]
},
"id": "VAR-202010-1323",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181976"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:58:16.220000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT210919 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210919"
},
{
"title": "Apple macOS Catalina IOThunderboltFamily Fixes for component resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112942"
},
{
"title": "Apple: macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=dc4464f799ce1dde4908444fa27beb09"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3851"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181976"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"db": "NVD",
"id": "CVE-2020-3851"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht210919"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211100"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3851"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95678717/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96545608/index.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211100"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156894/apple-security-advisory-2020-03-24-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1042/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-31874"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3905"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3893"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3912"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3919"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3913"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3904"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181976"
},
{
"db": "VULMON",
"id": "CVE-2020-3851"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"db": "PACKETSTORM",
"id": "156894"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
},
{
"db": "NVD",
"id": "CVE-2020-3851"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181976"
},
{
"db": "VULMON",
"id": "CVE-2020-3851"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"db": "PACKETSTORM",
"id": "156894"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
},
{
"db": "NVD",
"id": "CVE-2020-3851"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-181976"
},
{
"date": "2020-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3851"
},
{
"date": "2021-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"date": "2020-03-25T14:22:53",
"db": "PACKETSTORM",
"id": "156894"
},
{
"date": "2020-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1529"
},
{
"date": "2020-10-27T21:15:14.867000",
"db": "NVD",
"id": "CVE-2020-3851"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-181976"
},
{
"date": "2020-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3851"
},
{
"date": "2021-06-01T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2020-012776"
},
{
"date": "2020-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1529"
},
{
"date": "2024-11-21T05:31:50.337000",
"db": "NVD",
"id": "CVE-2020-3851"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mac\u00a0OS\u00a0 Vulnerabilities in the use of freed memory",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012776"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1529"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.