var-202010-1512
Vulnerability from variot
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. Apple Safari 14.0 is vulnerable. An attacker could exploit this vulnerability to remotely boot without authentication. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Service Telemetry Framework 1.4 security update Advisory ID: RHSA-2022:5924-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:5924 Issue date: 2022-08-08 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2018-25032 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-27618 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3326 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-20305 CVE-2021-22946 CVE-2021-22947 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2022-0778 CVE-2022-1271 CVE-2022-23852 CVE-2022-24407 CVE-2022-30631 =====================================================================
- Summary:
An update is now available for Service Telemetry Framework 1.4 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.
Security Fix(es):
- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References). Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
- Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- References:
https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-10
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 23, 2020 Bugs: #755947 ID: 202012-10
Synopsis
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.3 >= 2.30.3
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.
Impact
An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.3"
References
[ 1 ] CVE-2020-13543 https://nvd.nist.gov/vuln/detail/CVE-2020-13543 [ 2 ] CVE-2020-13584 https://nvd.nist.gov/vuln/detail/CVE-2020-13584 [ 3 ] CVE-2020-9948 https://nvd.nist.gov/vuln/detail/CVE-2020-9948 [ 4 ] CVE-2020-9951 https://nvd.nist.gov/vuln/detail/CVE-2020-9951 [ 5 ] CVE-2020-9952 https://nvd.nist.gov/vuln/detail/CVE-2020-9952 [ 6 ] CVE-2020-9983 https://nvd.nist.gov/vuln/detail/CVE-2020-9983 [ 7 ] WSA-2020-0008 https://webkitgtk.org/security/WSA-2020-0008.html [ 8 ] WSA-2020-0009 https://webkitgtk.org/security/WSA-2020-0009.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0
tvOS 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211843. CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020
CoreCapture Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9968: Adam Chester (@xpn) of TrustedSec Entry updated September 17, 2020
SQLite Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 Entry added November 12, 2020
SQLite Available for: Apple TV 4K and Apple TV HD Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 Entry added November 12, 2020
SQLite Available for: Apple TV 4K and Apple TV HD Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-10013: Yu Wang of Didi Research America Entry added November 12, 2020
Additional recognition
Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab for their assistance. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uyHoACgkQZcsbuWJ6 jjAwvw/+LOihEZ6W7DntL6nfl432KOZ58vNbauzTxYCo6HHsfu9d80SP7BF/BiIf 5rXBfJSyP8K0cQwmhli5xv4DH2VPSwP9GKZXDEG9OYQoHZJ3aie2bOUyPlH14WTZ JbL00oIdSXaPeovCNah6ahyI6apX63NpJr3FZkbNCDFsGdv7bjkoshRacGMkVSqG ytAoAsTpuaQEzHCWkvj0hdUasB/VmlnZQS5CzasGplL+1Y6pkwxjxEnN4BlV1/Zn r7ZWn2SOrf1UZoB/TAE39WdXY7pZ2WfDIyOzIqCioPc3ZlE7bRh7KKRMHwXNDp6Q XMeb6G818+XpHFKTV/NbLKpq0SjS8YEVhPmpS5e30HepgGbU3h/ufjqJQdnSWyj4 P33pI5Bfo5nFISyyJ+EsDczfWjpUn10F3xiOUb3IZcFuXrbkCFx4GrpnZ25eg1Z0 sXSTq9+lSc1lqDkyBVRNyWAKp5/lsLAmV+WaFugv9svXoxdDyYVA9waFiaxnGHPy E1hTrVKUFKZmUmiYxEo4b/LSdr8IdaLvsdlWb/4z+C9c1ei/U+yMtOYU8U+JCsVP 4v5hVcnPvL7sFiKfBPW7LsvRq5z1L58l61AivGbPZRkRG4oObOtoWvec4ygQ6tbM Hmc8HATllbUSoeu0eTtnlYgIKdia14DQFclcbTdMBU37y0DrBJc= =CBpG -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 are now available and address the following:
AppleAVD Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker may be able to misuse a trust relationship to download malicious content Description: A trust issue was addressed by removing a legacy API. CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs
Icons Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network Description: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen
IOSurfaceAccelerator Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Keyboard Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Phone Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: The screen lock may not engage after the specified time period Description: This issue was addressed with improved checks. CVE-2020-9946: Daniel Larsson of iolight AB
Sandbox Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
Siri Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen Description: A lock screen issue allowed access to messages on a locked device. CVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan Gulguler
WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Additional recognition
App Store We would like to acknowledge Giyas Umarov of Holmdel High School for their assistance.
Bluetooth We would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.
CallKit We would like to acknowledge Federico Zanetello for their assistance.
CarPlay We would like to acknowledge an anonymous researcher for their assistance.
Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
debugserver We would like to acknowledge Linus Henze (pinauten.de) for their assistance.
iAP We would like to acknowledge Andy Davis of NCC Group for their assistance.
iBoot We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
libarchive We would like to acknowledge Dzmitry Plotnikau and an anonymous researcher for their assistance.
Location Framework We would like to acknowledge an anonymous researcher for their assistance.
Maps We would like to acknowledge Matthew Dolan of Amazon Alexa for their assistance.
NetworkExtension We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad We would like to acknowledge an anonymous researcher for their assistance.
Status Bar We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and an anonymous researcher for their assistance.
Telephony We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
UIKit We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt, and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk Inc for their assistance.
Web App We would like to acknowledge Augusto Alvarez of Outcourse Limited for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 14.0 and iPadOS 14.0". -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igm4ACgkQZcsbuWJ6 jjDK/hAAndL9caBfy/uHMnz9jhpDNrJuDai5gTZeAhUSwRalVppYwTEMpcSrx7u6 O7R0uLcvd1v9AiTGpF2zcERNlQbd7L1GaErPBaWnPbXSzLoUDkCNxuw5S+EEGuF5 nOxvh+qaS1ISny6teXpW6VLvLqV6n3BuNHUAbyP1JuF/EB7V9R1MD8zOUM7jsn6t Lwyz++s1nQbwt2jH1OKZa0pP2cSjVJjlKi8iDnFnMUjaSn8LCsgNXTsvipX8rA7r aeUxlPkIA2bwM5/0CFoPWpoPjNKXxoADjryJOat0GjPp/dSewrXncE/aKvrJGcJ7 Hwg4Q2Ep8a6NKL1QZ3ST64kf28UTA06xcypzinIpJVqtLj8LOvRDUGak3h+xETHB E4evSHlNfDzKrzu7kArguneeh4IwSpN1kSc4kt2rGpAQ0ch0bT34AzbNDpoUidm1 oPU3WVcEeBD9PYKGAWMiBcm3X6B0wHsAYDLCgkqnxrbDgz7NlsmVIl3dvrVbLrl1 jxaVaofaqANk+uTzoB1QArZRowf5GzW17htRijPazna1qYHo6jp/fzrGbdoMDuhb 80JpytEZrrVvscbth4bTeex52ibn1XFM9kqAX/Mfxaob2zBKt0fF6v3utFRKmx9g fhqMR3CPf7QVG8mlYMQ57OT7iuQ4lYkFw9qGgPI4SGWiMWWVtUU= =7kDq -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1512", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webkitgtk\\+", "scope": "lte", "trust": 1.0, "vendor": "webkit", "version": "2.30.3" }, { "model": "icloud", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "11.0" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.21" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.0" }, { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.0" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.0" }, { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.0" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.4" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9952" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gentoo", "sources": [ { "db": "PACKETSTORM", "id": "160701" }, { "db": "CNNVD", "id": "CNNVD-202009-1034" } ], "trust": 0.7 }, "cve": "CVE-2020-9952", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2020-9952", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-188077", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2020-9952", "impactScore": 3.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-9952", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202009-1034", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-188077", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-188077" }, { "db": "CNNVD", "id": "CNNVD-202009-1034" }, { "db": "NVD", "id": "CVE-2020-9952" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. Apple Safari 14.0 is vulnerable. An attacker could exploit this vulnerability to remotely boot without authentication. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Service Telemetry Framework 1.4 security update\nAdvisory ID: RHSA-2022:5924-01\nProduct: Red Hat OpenStack Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5924\nIssue date: 2022-08-08\nCVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2018-25032 \n CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 \n CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 \n CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 \n CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 \n CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 \n CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 \n CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 \n CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 \n CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 \n CVE-2019-14889 CVE-2019-20454 CVE-2019-20807 \n CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 \n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 \n CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 \n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 \n CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 \n CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 \n CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 \n CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 \n CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 \n CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 \n CVE-2020-27618 CVE-2020-29361 CVE-2020-29362 \n CVE-2020-29363 CVE-2021-3326 CVE-2021-3516 \n CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 \n CVE-2021-20305 CVE-2021-22946 CVE-2021-22947 \n CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 \n CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 \n CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 \n CVE-2021-37750 CVE-2022-0778 CVE-2022-1271 \n CVE-2022-23852 CVE-2022-24407 CVE-2022-30631 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Service Telemetry Framework 1.4 for RHEL 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nService Telemetry Framework (STF) provides automated collection of\nmeasurements and data from remote clients, such as Red Hat OpenStack\nPlatform or third-party nodes. STF then transmits the information to a\ncentralized, receiving Red Hat OpenShift Container Platform (OCP)\ndeployment for storage, retrieval, and monitoring. \n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nThe Service Telemetry Framework container image provided by this update can\nbe downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References). \nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-9952\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-30666\nhttps://access.redhat.com/security/cve/CVE-2021-30761\nhttps://access.redhat.com/security/cve/CVE-2021-30762\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-36222\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202012-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: December 23, 2020\n Bugs: #755947\n ID: 202012-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.30.3 \u003e= 2.30.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nAn attacker, by enticing a user to visit maliciously crafted web\ncontent, may be able to execute arbitrary code or cause memory\ncorruption. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.30.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-13543\n https://nvd.nist.gov/vuln/detail/CVE-2020-13543\n[ 2 ] CVE-2020-13584\n https://nvd.nist.gov/vuln/detail/CVE-2020-13584\n[ 3 ] CVE-2020-9948\n https://nvd.nist.gov/vuln/detail/CVE-2020-9948\n[ 4 ] CVE-2020-9951\n https://nvd.nist.gov/vuln/detail/CVE-2020-9951\n[ 5 ] CVE-2020-9952\n https://nvd.nist.gov/vuln/detail/CVE-2020-9952\n[ 6 ] CVE-2020-9983\n https://nvd.nist.gov/vuln/detail/CVE-2020-9983\n[ 7 ] WSA-2020-0008\n https://webkitgtk.org/security/WSA-2020-0008.html\n[ 8 ] WSA-2020-0009\n https://webkitgtk.org/security/WSA-2020-0009.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202012-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-11-13-4 Additional information for\nAPPLE-SA-2020-09-16-2 tvOS 14.0\n\ntvOS 14.0 addresses the following issues. Information about the\nsecurity content is also available at\nhttps://support.apple.com/HT211843. \nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,\nJunDong Xie of Ant Group Light-Year Security Lab\nEntry added November 12, 2020\n\nCoreCapture\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\nEntry updated September 17, 2020\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-13434\nCVE-2020-13435\nCVE-2020-9991\nEntry added November 12, 2020\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating SQLite to\nversion 3.32.3. \nCVE-2020-15358\nEntry added November 12, 2020\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A maliciously crafted SQL query may lead to data corruption\nDescription: This issue was addressed with improved checks. \nCVE-2020-10013: Yu Wang of Didi Research America\nEntry added November 12, 2020\n\nAdditional recognition\n\nAudio\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-\nfinancial Light-Year Security Lab for their assistance. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uyHoACgkQZcsbuWJ6\njjAwvw/+LOihEZ6W7DntL6nfl432KOZ58vNbauzTxYCo6HHsfu9d80SP7BF/BiIf\n5rXBfJSyP8K0cQwmhli5xv4DH2VPSwP9GKZXDEG9OYQoHZJ3aie2bOUyPlH14WTZ\nJbL00oIdSXaPeovCNah6ahyI6apX63NpJr3FZkbNCDFsGdv7bjkoshRacGMkVSqG\nytAoAsTpuaQEzHCWkvj0hdUasB/VmlnZQS5CzasGplL+1Y6pkwxjxEnN4BlV1/Zn\nr7ZWn2SOrf1UZoB/TAE39WdXY7pZ2WfDIyOzIqCioPc3ZlE7bRh7KKRMHwXNDp6Q\nXMeb6G818+XpHFKTV/NbLKpq0SjS8YEVhPmpS5e30HepgGbU3h/ufjqJQdnSWyj4\nP33pI5Bfo5nFISyyJ+EsDczfWjpUn10F3xiOUb3IZcFuXrbkCFx4GrpnZ25eg1Z0\nsXSTq9+lSc1lqDkyBVRNyWAKp5/lsLAmV+WaFugv9svXoxdDyYVA9waFiaxnGHPy\nE1hTrVKUFKZmUmiYxEo4b/LSdr8IdaLvsdlWb/4z+C9c1ei/U+yMtOYU8U+JCsVP\n4v5hVcnPvL7sFiKfBPW7LsvRq5z1L58l61AivGbPZRkRG4oObOtoWvec4ygQ6tbM\nHmc8HATllbUSoeu0eTtnlYgIKdia14DQFclcbTdMBU37y0DrBJc=\n=CBpG\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0\n\niOS 14.0 and iPadOS 14.0 are now available and address the following:\n\nAppleAVD\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9958: Mohamed Ghannam (@_simo36)\n\nAssets\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An attacker may be able to misuse a trust relationship to\ndownload malicious content\nDescription: A trust issue was addressed by removing a legacy API. \nCVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs\n\nIcons\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to identify what other\napplications a user has installed\nDescription: The issue was addressed with improved handling of icon\ncaches. \nCVE-2020-9773: Chilik Tamir of Zimperium zLabs\n\nIDE Device Support\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code on a paired device during a debug session over\nthe network\nDescription: This issue was addressed by encrypting communications\nover the network to devices running iOS 14, iPadOS 14, tvOS 14, and\nwatchOS 7. \nCVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen\n\nIOSurfaceAccelerator\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)\n\nKeyboard\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\nModel I/O\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9973: Aleksandar Nikolic of Cisco Talos\n\nPhone\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: The screen lock may not engage after the specified time\nperiod\nDescription: This issue was addressed with improved checks. \nCVE-2020-9946: Daniel Larsson of iolight AB\n\nSandbox\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9968: Adam Chester(@xpn) of TrustedSec\n\nSiri\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A person with physical access to an iOS device may be able to\nview notification contents from the lockscreen\nDescription: A lock screen issue allowed access to messages on a\nlocked device. \nCVE-2020-9959: an anonymous researcher, an anonymous researcher, an\nanonymous researcher, an anonymous researcher, an anonymous\nresearcher, Andrew Goldberg The University of Texas at Austin,\nMcCombs School of Business, Meli\u0307h Kerem G\u00fcne\u015f of Li\u0307v College, Sinan\nGulguler\n\nWebKit\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\nAdditional recognition\n\nApp Store\nWe would like to acknowledge Giyas Umarov of Holmdel High School for\ntheir assistance. \n\nBluetooth\nWe would like to acknowledge Andy Davis of NCC Group and Dennis\nHeinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for\ntheir assistance. \n\nCallKit\nWe would like to acknowledge Federico Zanetello for their assistance. \n\nCarPlay\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nCore Location\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\ndebugserver\nWe would like to acknowledge Linus Henze (pinauten.de) for their\nassistance. \n\niAP\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\niBoot\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nlibarchive\nWe would like to acknowledge Dzmitry Plotnikau and an anonymous\nresearcher for their assistance. \n\nLocation Framework\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMaps\nWe would like to acknowledge Matthew Dolan of Amazon Alexa for their\nassistance. \n\nNetworkExtension\nWe would like to acknowledge Thijs Alkemade of Computest and \u2018Qubo\nSong\u2019 of \u2018Symantec, a division of Broadcom\u2019 for their assistance. \n\nPhone Keypad\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nStatus Bar\nWe would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah\nof Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and\nan anonymous researcher for their assistance. \n\nTelephony\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nUIKit\nWe would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,\nand Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk\nInc for their assistance. \n\nWeb App\nWe would like to acknowledge Augusto Alvarez of Outcourse Limited for\ntheir assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 14.0 and iPadOS 14.0\". \n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igm4ACgkQZcsbuWJ6\njjDK/hAAndL9caBfy/uHMnz9jhpDNrJuDai5gTZeAhUSwRalVppYwTEMpcSrx7u6\nO7R0uLcvd1v9AiTGpF2zcERNlQbd7L1GaErPBaWnPbXSzLoUDkCNxuw5S+EEGuF5\nnOxvh+qaS1ISny6teXpW6VLvLqV6n3BuNHUAbyP1JuF/EB7V9R1MD8zOUM7jsn6t\nLwyz++s1nQbwt2jH1OKZa0pP2cSjVJjlKi8iDnFnMUjaSn8LCsgNXTsvipX8rA7r\naeUxlPkIA2bwM5/0CFoPWpoPjNKXxoADjryJOat0GjPp/dSewrXncE/aKvrJGcJ7\nHwg4Q2Ep8a6NKL1QZ3ST64kf28UTA06xcypzinIpJVqtLj8LOvRDUGak3h+xETHB\nE4evSHlNfDzKrzu7kArguneeh4IwSpN1kSc4kt2rGpAQ0ch0bT34AzbNDpoUidm1\noPU3WVcEeBD9PYKGAWMiBcm3X6B0wHsAYDLCgkqnxrbDgz7NlsmVIl3dvrVbLrl1\njxaVaofaqANk+uTzoB1QArZRowf5GzW17htRijPazna1qYHo6jp/fzrGbdoMDuhb\n80JpytEZrrVvscbth4bTeex52ibn1XFM9kqAX/Mfxaob2zBKt0fF6v3utFRKmx9g\nfhqMR3CPf7QVG8mlYMQ57OT7iuQ4lYkFw9qGgPI4SGWiMWWVtUU=\n=7kDq\n-----END PGP SIGNATURE-----\n\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2020-9952" }, { "db": "VULHUB", "id": "VHN-188077" }, { "db": "PACKETSTORM", "id": "168011" }, { "db": "PACKETSTORM", "id": "160701" }, { "db": "PACKETSTORM", "id": "159227" }, { "db": "PACKETSTORM", "id": "160063" }, { "db": "PACKETSTORM", "id": "160062" }, { "db": "PACKETSTORM", "id": "159223" }, { "db": "PACKETSTORM", "id": "159226" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9952", "trust": 2.4 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2020/11/23/3", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "160701", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159228", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "160061", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.3185", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4205", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1025", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0382", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3181.2", "trust": 0.6 }, { "db": "NSFOCUS", "id": "50229", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202009-1034", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "160063", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159223", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159226", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159227", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "160062", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "160064", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-188077", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168011", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-188077" }, { "db": "PACKETSTORM", "id": "168011" }, { "db": "PACKETSTORM", "id": "160701" }, { "db": "PACKETSTORM", "id": "159227" }, { "db": "PACKETSTORM", "id": "160063" }, { "db": "PACKETSTORM", "id": "160062" }, { "db": "PACKETSTORM", "id": "159223" }, { "db": "PACKETSTORM", "id": "159226" }, { "db": "CNNVD", "id": "CNNVD-202009-1034" }, { "db": "NVD", "id": "CVE-2020-9952" } ] }, "id": "VAR-202010-1512", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-188077" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T20:57:58.848000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple Safari Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131076" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-1034" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-188077" }, { "db": "NVD", "id": "CVE-2020-9952" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.gentoo.org/glsa/202012-10" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2020/nov/20" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2020/nov/19" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2020/nov/18" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2020/nov/22" }, { "trust": 1.7, "url": "https://support.apple.com/ht211843" }, { "trust": 1.7, "url": "https://support.apple.com/ht211844" }, { "trust": 1.7, "url": "https://support.apple.com/ht211845" }, { "trust": 1.7, "url": "https://support.apple.com/ht211846" }, { "trust": 1.7, "url": "https://support.apple.com/ht211847" }, { "trust": 1.7, "url": "https://support.apple.com/ht211850" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2020/11/23/3" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9952" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht211847" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/50229" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht211846" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1025" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/webkit-four-vulnerabilities-33478" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0382" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht211847" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht211845" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-33346" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160061/apple-security-advisory-2020-11-13-3.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4205/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3181.2/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160701/gentoo-linux-security-advisory-202012-10.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3185/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159228/apple-security-advisory-2020-09-16-4.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9983" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9951" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9948" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9976" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9968" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9979" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9947" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9950" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3867" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3899" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30761" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3900" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8782" }, { "trust": 0.1, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9952" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8846" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9915" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3885" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9802" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8764" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9895" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8811" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8819" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3895" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3865" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14391" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3864" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3541" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8816" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8625" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8766" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11793" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3537" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3517" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30631" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8820" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23852" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3516" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3902" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:5924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8812" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8815" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3901" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0778" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2020-0009.html" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2020-0008.html" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543" }, { "trust": 0.1, "url": "https://support.apple.com/ht211845." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9993" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9987" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9981" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9961" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9991" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9954" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9965" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9966" }, { "trust": 0.1, "url": "https://support.apple.com/ht211843." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9969" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9876" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9849" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9964" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9992" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9946" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9773" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9959" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9958" } ], "sources": [ { "db": "VULHUB", "id": "VHN-188077" }, { "db": "PACKETSTORM", "id": "168011" }, { "db": "PACKETSTORM", "id": "160701" }, { "db": "PACKETSTORM", "id": "159227" }, { "db": "PACKETSTORM", "id": "160063" }, { "db": "PACKETSTORM", "id": "160062" }, { "db": "PACKETSTORM", "id": "159223" }, { "db": "PACKETSTORM", "id": "159226" }, { "db": "CNNVD", "id": "CNNVD-202009-1034" }, { "db": "NVD", "id": "CVE-2020-9952" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-188077" }, { "db": "PACKETSTORM", "id": "168011" }, { "db": "PACKETSTORM", "id": "160701" }, { "db": "PACKETSTORM", "id": "159227" }, { "db": "PACKETSTORM", "id": "160063" }, { "db": "PACKETSTORM", "id": "160062" }, { "db": "PACKETSTORM", "id": "159223" }, { "db": "PACKETSTORM", "id": "159226" }, { "db": "CNNVD", "id": "CNNVD-202009-1034" }, { "db": "NVD", "id": "CVE-2020-9952" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-16T00:00:00", "db": "VULHUB", "id": "VHN-188077" }, { "date": "2022-08-09T14:36:05", "db": "PACKETSTORM", "id": "168011" }, { "date": "2020-12-24T17:14:56", "db": "PACKETSTORM", "id": "160701" }, { "date": "2020-09-18T19:10:43", "db": "PACKETSTORM", "id": "159227" }, { "date": "2020-11-13T23:33:33", "db": "PACKETSTORM", "id": "160063" }, { "date": "2020-11-13T22:22:22", "db": "PACKETSTORM", "id": "160062" }, { "date": "2020-09-18T17:15:27", "db": "PACKETSTORM", "id": "159223" }, { "date": "2020-09-18T19:10:31", "db": "PACKETSTORM", "id": "159226" }, { "date": "2020-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1034" }, { "date": "2020-10-16T17:15:17.950000", "db": "NVD", "id": "CVE-2020-9952" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-09T00:00:00", "db": "VULHUB", "id": "VHN-188077" }, { "date": "2022-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1034" }, { "date": "2024-11-21T05:41:35.360000", "db": "NVD", "id": "CVE-2020-9952" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "168011" }, { "db": "CNNVD", "id": "CNNVD-202009-1034" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Safari Cross-site scripting vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-1034" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "159226" }, { "db": "CNNVD", "id": "CNNVD-202009-1034" } ], "trust": 0.7 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.