cvelistv5 - cve-2020-9839

CVE-2020-9839 (GCVE-0-2020-9839)

Vulnerability from cvelistv5 – Published: 2020-06-09 16:16 – Updated: 2024-08-04 10:43

Summary

Severity ?

No CVSS data available.

CWE

An application may be able to gain elevated privileges

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT211168	x_refsource_MISC
	https://support.apple.com/HT211170	x_refsource_MISC
	https://support.apple.com/HT211171	x_refsource_MISC
	https://support.apple.com/HT211175	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

iOS

Affected: unspecified , < iOS 13.5 and iPadOS 13.5 (custom)

Apple	macOS	Affected: unspecified , < macOS Catalina 10.15.5 (custom)
Apple	tvOS	Affected: unspecified , < tvOS 13.4.5 (custom)
Apple	watchOS	Affected: unspecified , < watchOS 6.2.5 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:43:05.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211168"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211170"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211171"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211175"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.5 and iPadOS 13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "macOS Catalina 10.15.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 13.4.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "watchOS 6.2.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to gain elevated privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T16:28:53",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211168"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211170"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211171"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211175"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9839",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.5 and iPadOS 13.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "macOS Catalina 10.15.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 13.4.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "watchOS 6.2.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An application may be able to gain elevated privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211168",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211168"
            },
            {
              "name": "https://support.apple.com/HT211170",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211170"
            },
            {
              "name": "https://support.apple.com/HT211171",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211171"
            },
            {
              "name": "https://support.apple.com/HT211175",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211175"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-9839",
    "datePublished": "2020-06-09T16:16:12",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:43:05.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.5\", \"matchCriteriaId\": \"9145C3CB-429B-4FB8-A0AC-B543E9FFF938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.5\", \"matchCriteriaId\": \"9C09256B-04A9-4D08-A791-8022B5AC5B14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.15.5\", \"matchCriteriaId\": \"99973242-A249-4C34-B042-5F833AE73708\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.4.5\", \"matchCriteriaId\": \"87753A67-6F9D-4264-BCEB-0694281F0477\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.2.5\", \"matchCriteriaId\": \"85301873-69B8-4A21-9EFD-F69A5E1ABF40\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 una condici\\u00f3n de carrera con un manejo del estado mejorado. Este problema es corregido en iOS versi\\u00f3n 13.5 y iPadOS versi\\u00f3n 13.5, macOS Catalina versi\\u00f3n 10.15.5, tvOS versi\\u00f3n 13.4.5, watchOS versi\\u00f3n 6.2.5. Una aplicaci\\u00f3n puede ser capaz de alcanzar privilegios elevados\"}]",
      "id": "CVE-2020-9839",
      "lastModified": "2024-11-21T05:41:22.693",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-06-09T17:15:14.643",
      "references": "[{\"url\": \"https://support.apple.com/HT211168\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211170\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211171\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211175\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211175\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9839\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-06-09T17:15:14.643\",\"lastModified\":\"2024-11-21T05:41:22.693\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 una condici\u00f3n de carrera con un manejo del estado mejorado. Este problema es corregido en iOS versi\u00f3n 13.5 y iPadOS versi\u00f3n 13.5, macOS Catalina versi\u00f3n 10.15.5, tvOS versi\u00f3n 13.4.5, watchOS versi\u00f3n 6.2.5. Una aplicaci\u00f3n puede ser capaz de alcanzar privilegios elevados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.5\",\"matchCriteriaId\":\"9145C3CB-429B-4FB8-A0AC-B543E9FFF938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.5\",\"matchCriteriaId\":\"9C09256B-04A9-4D08-A791-8022B5AC5B14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.5\",\"matchCriteriaId\":\"99973242-A249-4C34-B042-5F833AE73708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4.5\",\"matchCriteriaId\":\"87753A67-6F9D-4264-BCEB-0694281F0477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.5\",\"matchCriteriaId\":\"85301873-69B8-4A21-9EFD-F69A5E1ABF40\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT211168\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211170\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211171\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211175\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211175\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-9839

Vulnerability from fkie_nvd - Published: 2020-06-09 17:15 - Updated: 2024-11-21 05:41

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT211168	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211170	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211171	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211175	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211168	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211170	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211171	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211175	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9145C3CB-429B-4FB8-A0AC-B543E9FFF938",
              "versionEndExcluding": "13.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C09256B-04A9-4D08-A791-8022B5AC5B14",
              "versionEndExcluding": "13.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99973242-A249-4C34-B042-5F833AE73708",
              "versionEndExcluding": "10.15.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87753A67-6F9D-4264-BCEB-0694281F0477",
              "versionEndExcluding": "13.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85301873-69B8-4A21-9EFD-F69A5E1ABF40",
              "versionEndExcluding": "6.2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 una condici\u00f3n de carrera con un manejo del estado mejorado. Este problema es corregido en iOS versi\u00f3n 13.5 y iPadOS versi\u00f3n 13.5, macOS Catalina versi\u00f3n 10.15.5, tvOS versi\u00f3n 13.4.5, watchOS versi\u00f3n 6.2.5. Una aplicaci\u00f3n puede ser capaz de alcanzar privilegios elevados"
    }
  ],
  "id": "CVE-2020-9839",
  "lastModified": "2024-11-21T05:41:22.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T17:15:14.643",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211168"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211170"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211171"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211175"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-9839

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-9839

Aliases

CVE-2020-9839

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9839",
    "description": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.",
    "id": "GSD-2020-9839",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2020-9839"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9839"
      ],
      "details": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.",
      "id": "GSD-2020-9839",
      "modified": "2023-12-13T01:21:52.436688Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-9839",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iOS 13.5 and iPadOS 13.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "macOS Catalina 10.15.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "tvOS 13.4.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "watchOS 6.2.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An application may be able to gain elevated privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT211168",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211168"
          },
          {
            "name": "https://support.apple.com/HT211170",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211170"
          },
          {
            "name": "https://support.apple.com/HT211171",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211171"
          },
          {
            "name": "https://support.apple.com/HT211175",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211175"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9839"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211168",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211168"
            },
            {
              "name": "https://support.apple.com/HT211170",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211170"
            },
            {
              "name": "https://support.apple.com/HT211171",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211171"
            },
            {
              "name": "https://support.apple.com/HT211175",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211175"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-09T16:41Z",
      "publishedDate": "2020-06-09T17:15Z"
    }
  }
}

CNVD-2020-52144

Vulnerability from cnvd - Published: 2020-09-15

Title

多款Apple产品System Preferences组件竞争条件问题漏洞

Description

Apple iOS等都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。Apple macOS Catalina是一套专为Mac计算机所开发的专用操作系统。System Preferences是其中的一个系统偏好设置组件。多款Apple产品中的System Preferences组件存在竞争条件问题漏洞，攻击者可利用该漏洞提升权限。

Severity

中

Patch Name

多款Apple产品System Preferences组件竞争条件问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/zh-cn/HT211168 https://support.apple.com/zh-cn/HT211170 https://support.apple.com/zh-cn/HT211171 https://support.apple.com/zh-cn/HT211175

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-9839

Impacted products

Name
['Apple macOS Catalina <10.15.5', 'Apple iOS <13.5', 'Apple iPadOS <13.5', 'Apple tvOS <13.4.5', 'Apple watchOS <6.2.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9839"
    }
  },
  "description": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS Catalina\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002System Preferences\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u504f\u597d\u8bbe\u7f6e\u7ec4\u4ef6\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684System Preferences\u7ec4\u4ef6\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/zh-cn/HT211168\r\nhttps://support.apple.com/zh-cn/HT211170\r\nhttps://support.apple.com/zh-cn/HT211171\r\nhttps://support.apple.com/zh-cn/HT211175",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-52144",
  "openTime": "2020-09-15",
  "patchDescription": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS Catalina\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002System Preferences\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u504f\u597d\u8bbe\u7f6e\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684System Preferences\u7ec4\u4ef6\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1System Preferences\u7ec4\u4ef6\u7ade\u4e89\u6761\u4ef6\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  macOS Catalina \u003c10.15.5",
      "Apple  iOS \u003c13.5",
      "Apple  iPadOS \u003c13.5",
      "Apple  tvOS \u003c13.4.5",
      "Apple  watchOS \u003c6.2.5"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9839",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-28",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1System Preferences\u7ec4\u4ef6\u7ade\u4e89\u6761\u4ef6\u95ee\u9898\u6f0f\u6d1e"
}

CERTFR-2020-AVI-321

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina versions antérieures à 10.15.5
Apple	N/A	iCloud pour Windows versions 11.x antérieures à 11.2
Apple	Safari	Safari versions antérieures à 13.1.1
Apple	N/A	iCloud pour Windows versions antérieures à 7.19
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-003
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-003
Apple	N/A	Windows Migration Assistant versions antérieures à 2.2.0.0 (v. 1A11)

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211170 du 26 mai 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211177 du 26 mai 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211181 du 26 mai 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211179 du 26 mai 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211186 du 26 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions 11.x ant\u00e9rieures \u00e0 11.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.1.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2020-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2020-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Migration Assistant versions ant\u00e9rieures \u00e0 2.2.0.0 (v. 1A11)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9817"
    },
    {
      "name": "CVE-2020-9788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9788"
    },
    {
      "name": "CVE-2019-20503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20503"
    },
    {
      "name": "CVE-2020-3878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3878"
    },
    {
      "name": "CVE-2020-9839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9839"
    },
    {
      "name": "CVE-2020-9856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9856"
    },
    {
      "name": "CVE-2020-9834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9834"
    },
    {
      "name": "CVE-2020-9855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9855"
    },
    {
      "name": "CVE-2020-9844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9844"
    },
    {
      "name": "CVE-2020-9812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9812"
    },
    {
      "name": "CVE-2020-9826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9826"
    },
    {
      "name": "CVE-2020-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9816"
    },
    {
      "name": "CVE-2020-9790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9790"
    },
    {
      "name": "CVE-2020-9847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9847"
    },
    {
      "name": "CVE-2020-9789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9789"
    },
    {
      "name": "CVE-2020-9858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9858"
    },
    {
      "name": "CVE-2020-9825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9825"
    },
    {
      "name": "CVE-2020-9809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9809"
    },
    {
      "name": "CVE-2020-9857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9857"
    },
    {
      "name": "CVE-2020-9808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9808"
    },
    {
      "name": "CVE-2020-9831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9831"
    },
    {
      "name": "CVE-2020-9828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9828"
    },
    {
      "name": "CVE-2020-9801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9801"
    },
    {
      "name": "CVE-2020-9807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9807"
    },
    {
      "name": "CVE-2020-9852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9852"
    },
    {
      "name": "CVE-2020-9805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9805"
    },
    {
      "name": "CVE-2019-20044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20044"
    },
    {
      "name": "CVE-2020-9806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9806"
    },
    {
      "name": "CVE-2020-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9815"
    },
    {
      "name": "CVE-2020-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9841"
    },
    {
      "name": "CVE-2020-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9797"
    },
    {
      "name": "CVE-2020-9793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9793"
    },
    {
      "name": "CVE-2020-9832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9832"
    },
    {
      "name": "CVE-2020-9837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9837"
    },
    {
      "name": "CVE-2020-9791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9791"
    },
    {
      "name": "CVE-2020-9813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9813"
    },
    {
      "name": "CVE-2019-14868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14868"
    },
    {
      "name": "CVE-2020-9803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9803"
    },
    {
      "name": "CVE-2020-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9843"
    },
    {
      "name": "CVE-2020-9821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9821"
    },
    {
      "name": "CVE-2020-9811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9811"
    },
    {
      "name": "CVE-2020-9802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9802"
    },
    {
      "name": "CVE-2020-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3882"
    },
    {
      "name": "CVE-2020-9771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9771"
    },
    {
      "name": "CVE-2020-9814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9814"
    },
    {
      "name": "CVE-2020-9830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9830"
    },
    {
      "name": "CVE-2020-9827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9827"
    },
    {
      "name": "CVE-2020-9851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9851"
    },
    {
      "name": "CVE-2020-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9842"
    },
    {
      "name": "CVE-2020-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9800"
    },
    {
      "name": "CVE-2020-9772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9772"
    },
    {
      "name": "CVE-2020-9792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9792"
    },
    {
      "name": "CVE-2020-9822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9822"
    },
    {
      "name": "CVE-2020-9833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9833"
    },
    {
      "name": "CVE-2020-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9824"
    },
    {
      "name": "CVE-2020-9794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9794"
    },
    {
      "name": "CVE-2020-9795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9795"
    },
    {
      "name": "CVE-2020-9850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9850"
    },
    {
      "name": "CVE-2020-9804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9804"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-321",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211170 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211170"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211177 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211177"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211181 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211181"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211179 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211179"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211186 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211186"
    }
  ]
}

CERTFR-2020-AVI-321

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina versions antérieures à 10.15.5
Apple	N/A	iCloud pour Windows versions 11.x antérieures à 11.2
Apple	Safari	Safari versions antérieures à 13.1.1
Apple	N/A	iCloud pour Windows versions antérieures à 7.19
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-003
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-003
Apple	N/A	Windows Migration Assistant versions antérieures à 2.2.0.0 (v. 1A11)

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211170 du 26 mai 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211177 du 26 mai 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211181 du 26 mai 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211179 du 26 mai 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211186 du 26 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions 11.x ant\u00e9rieures \u00e0 11.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.1.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2020-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2020-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Migration Assistant versions ant\u00e9rieures \u00e0 2.2.0.0 (v. 1A11)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9817"
    },
    {
      "name": "CVE-2020-9788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9788"
    },
    {
      "name": "CVE-2019-20503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20503"
    },
    {
      "name": "CVE-2020-3878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3878"
    },
    {
      "name": "CVE-2020-9839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9839"
    },
    {
      "name": "CVE-2020-9856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9856"
    },
    {
      "name": "CVE-2020-9834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9834"
    },
    {
      "name": "CVE-2020-9855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9855"
    },
    {
      "name": "CVE-2020-9844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9844"
    },
    {
      "name": "CVE-2020-9812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9812"
    },
    {
      "name": "CVE-2020-9826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9826"
    },
    {
      "name": "CVE-2020-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9816"
    },
    {
      "name": "CVE-2020-9790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9790"
    },
    {
      "name": "CVE-2020-9847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9847"
    },
    {
      "name": "CVE-2020-9789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9789"
    },
    {
      "name": "CVE-2020-9858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9858"
    },
    {
      "name": "CVE-2020-9825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9825"
    },
    {
      "name": "CVE-2020-9809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9809"
    },
    {
      "name": "CVE-2020-9857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9857"
    },
    {
      "name": "CVE-2020-9808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9808"
    },
    {
      "name": "CVE-2020-9831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9831"
    },
    {
      "name": "CVE-2020-9828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9828"
    },
    {
      "name": "CVE-2020-9801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9801"
    },
    {
      "name": "CVE-2020-9807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9807"
    },
    {
      "name": "CVE-2020-9852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9852"
    },
    {
      "name": "CVE-2020-9805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9805"
    },
    {
      "name": "CVE-2019-20044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20044"
    },
    {
      "name": "CVE-2020-9806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9806"
    },
    {
      "name": "CVE-2020-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9815"
    },
    {
      "name": "CVE-2020-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9841"
    },
    {
      "name": "CVE-2020-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9797"
    },
    {
      "name": "CVE-2020-9793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9793"
    },
    {
      "name": "CVE-2020-9832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9832"
    },
    {
      "name": "CVE-2020-9837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9837"
    },
    {
      "name": "CVE-2020-9791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9791"
    },
    {
      "name": "CVE-2020-9813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9813"
    },
    {
      "name": "CVE-2019-14868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14868"
    },
    {
      "name": "CVE-2020-9803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9803"
    },
    {
      "name": "CVE-2020-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9843"
    },
    {
      "name": "CVE-2020-9821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9821"
    },
    {
      "name": "CVE-2020-9811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9811"
    },
    {
      "name": "CVE-2020-9802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9802"
    },
    {
      "name": "CVE-2020-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3882"
    },
    {
      "name": "CVE-2020-9771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9771"
    },
    {
      "name": "CVE-2020-9814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9814"
    },
    {
      "name": "CVE-2020-9830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9830"
    },
    {
      "name": "CVE-2020-9827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9827"
    },
    {
      "name": "CVE-2020-9851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9851"
    },
    {
      "name": "CVE-2020-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9842"
    },
    {
      "name": "CVE-2020-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9800"
    },
    {
      "name": "CVE-2020-9772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9772"
    },
    {
      "name": "CVE-2020-9792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9792"
    },
    {
      "name": "CVE-2020-9822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9822"
    },
    {
      "name": "CVE-2020-9833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9833"
    },
    {
      "name": "CVE-2020-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9824"
    },
    {
      "name": "CVE-2020-9794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9794"
    },
    {
      "name": "CVE-2020-9795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9795"
    },
    {
      "name": "CVE-2020-9850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9850"
    },
    {
      "name": "CVE-2020-9804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9804"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-321",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211170 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211170"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211177 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211177"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211181 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211181"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211179 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211179"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211186 du 26 mai 2020",
      "url": "https://support.apple.com/en-us/HT211186"
    }
  ]
}

VAR-202006-1633

Vulnerability from variot - Updated: 2023-12-18 11:34

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. plural Apple The product is vulnerable to race conditions due to flawed state handling.Elevated privileges may be obtained through the application. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of file permisions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the root. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. System Preferences is one of the System Preferences components. A race condition issue exists in the System Preferences component in several Apple products. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; macOS Catalina prior to 10.15.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1633",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.2.5"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.5"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.5"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.5"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.4.5"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4.5 \u672a\u6e80 (apple tv 4k)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2.5 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d )"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4.5 \u672a\u6e80 (apple tv hd)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.15.4"
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9839"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9839"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "@jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-681"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-9839",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006162",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-187964",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006162",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-9839",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-9839",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006162",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-9839",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-1272",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-187964",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. plural Apple The product is vulnerable to race conditions due to flawed state handling.Elevated privileges may be obtained through the application. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of file permisions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the root. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. System Preferences is one of the System Preferences components. A race condition issue exists in the System Preferences component in several Apple products. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; macOS Catalina prior to 10.15.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187964"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-187964",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187964"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9839",
        "trust": 3.2
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-681",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU98042162",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10777",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159084",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1272",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1861",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48675",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2020090042",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-52144",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-187964",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ]
  },
  "id": "VAR-202006-1633",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187964"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:34:02.483000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT211168",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211168"
      },
      {
        "title": "HT211170",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211170"
      },
      {
        "title": "HT211171",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211171"
      },
      {
        "title": "HT211175",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211175"
      },
      {
        "title": "HT211170",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211170"
      },
      {
        "title": "HT211171",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211171"
      },
      {
        "title": "HT211175",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211175"
      },
      {
        "title": "HT211168",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211168"
      },
      {
        "title": "",
        "trust": 0.7,
        "url": "https://support.apple.com/en-gb/ht211170"
      },
      {
        "title": "Multiple Apple product System Preferences Repair measures for component race condition problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121022"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9839"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211168"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211170"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211171"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211175"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9839"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9839"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98042162/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/en-gb/ht211170"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2020090042"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht211168"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1861/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211170"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211175"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht211170"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-681/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48675"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159084/macos-cfprefsd-arbitrary-file-write-local-privilege-escalation.html"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "date": "2020-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187964"
      },
      {
        "date": "2020-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "date": "2020-06-09T17:15:14.643000",
        "db": "NVD",
        "id": "CVE-2020-9839"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-681"
      },
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187964"
      },
      {
        "date": "2020-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      },
      {
        "date": "2023-01-09T16:41:59.350000",
        "db": "NVD",
        "id": "CVE-2020-9839"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product Race Condition Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006162"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1272"
      }
    ],
    "trust": 0.6
  }
}

GHSA-38PP-34CQ-8XPR

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-06-03 00:00

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-09T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.",
  "id": "GHSA-38pp-34cq-8xpr",
  "modified": "2022-06-03T00:00:35Z",
  "published": "2022-05-24T17:19:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9839"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211170"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211171"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211175"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/159084/macOS-cfprefsd-Arbitrary-File-Write-Local-Privilege-Escalation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9839 (GCVE-0-2020-9839)

FKIE_CVE-2020-9839

GSD-2020-9839

CNVD-2020-52144

CERTFR-2020-AVI-321

Solution

CERTFR-2020-AVI-321

Solution

VAR-202006-1633

GHSA-38PP-34CQ-8XPR

Tags

Sightings

Nomenclature