var-202012-1511
Vulnerability from variot
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. macOS and Safari Exists in a user interface mismatch vulnerability due to poor state management.malicious Web The address bar can be spoofed through access to the site. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.1.2"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(mac mini 2014 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook air 2013 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(imac pro all models )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(imac 2014 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook pro late 2013 or later )"
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(mac pro 2013 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook 2015 or later )"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"cve": "CVE-2020-9942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-9942",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-188067",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-9942",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9942",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9942",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-9942",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1349",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-188067",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9942",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. macOS and Safari Exists in a user interface mismatch vulnerability due to poor state management.malicious Web The address bar can be spoofed through access to the site. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9942",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU99462952",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94090210",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.4060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4060.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-188067",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9942",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"id": "VAR-202012-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-188067"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:34:23.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211292 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211292"
},
{
"title": "Apple Safari Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134644"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1021",
"trust": 1.0
},
{
"problemtype": "Inappropriate restrictions on rendered user interface layers or frames (CWE-1021) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2020/dec/32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211292"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211931"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9942"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94090210/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99462952/index.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4060/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4060.2/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/1021.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-188067"
},
{
"date": "2020-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"date": "2021-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"date": "2020-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1349"
},
{
"date": "2020-12-08T20:15:16.230000",
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-188067"
},
{
"date": "2020-12-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"date": "2021-08-11T03:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1349"
},
{
"date": "2024-11-21T05:41:34.190000",
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "macOS\u00a0 and \u00a0Safari\u00a0 User Interface Mismatch Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…