cvelistv5 - cve-2020-9999

CVE-2020-9999 (GCVE-0-2020-9999)

Vulnerability from cvelistv5 – Published: 2020-12-08 19:32 – Updated: 2024-08-04 10:50

Summary

Severity ?

No CVSS data available.

CWE

Processing a maliciously crafted text file may lead to arbitrary code execution

Assigner

apple

References

URL

Tags

	https://support.apple.com/kb/HT211843	x_refsource_CONFIRM
	https://support.apple.com/kb/HT211850	x_refsource_CONFIRM
	https://support.apple.com/kb/HT211844	x_refsource_CONFIRM
	https://support.apple.com/kb/HT211935	x_refsource_CONFIRM
	https://support.apple.com/en-us/HT211931	x_refsource_MISC
	https://support.apple.com/en-us/HT211952	x_refsource_MISC
	http://seclists.org/fulldisclosure/2020/Dec/32	mailing-listx_refsource_FULLDISC

Impacted products

Vendor

Product

Version

Apple

macOS

Affected: unspecified , < 11.0 (custom)

Apple

macOS

Affected: unspecified , < 12.10 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:50:57.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211843"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211850"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT211931"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT211952"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing a maliciously crafted text file may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-16T04:06:17",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211843"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211850"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT211931"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT211952"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9999",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "12.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing a maliciously crafted text file may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT211843",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211843"
            },
            {
              "name": "https://support.apple.com/kb/HT211850",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211850"
            },
            {
              "name": "https://support.apple.com/kb/HT211844",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211844"
            },
            {
              "name": "https://support.apple.com/kb/HT211935",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211935"
            },
            {
              "name": "https://support.apple.com/en-us/HT211931",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT211931"
            },
            {
              "name": "https://support.apple.com/en-us/HT211952",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT211952"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-9999",
    "datePublished": "2020-12-08T19:32:03",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:50:57.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"11.5.0\", \"matchCriteriaId\": \"83F73A4A-BF43-4F89-812D-FBDD33CDEF44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"12.10.9\", \"matchCriteriaId\": \"82AF1567-8217-464E-896E-874EBB0FE463\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.0\", \"matchCriteriaId\": \"10CC9ED4-9AE1-415A-94FF-60CB209506CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.0\", \"matchCriteriaId\": \"16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.0.1\", \"matchCriteriaId\": \"5CD08100-FC49-42F0-A226-0E5B523EC027\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.0\", \"matchCriteriaId\": \"0D16EC4D-D2E7-476D-BFBC-3703C8F0B45E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.0\", \"matchCriteriaId\": \"C117BCCF-7789-40BB-AD25-1E712F6DCF7C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 un problema de corrupci\\u00f3n de la memoria con una administraci\\u00f3n de estado mejorada. Este problema se corrigi\\u00f3 en MacOS Big Sur versi\\u00f3n 11.0.1, iTunes para Windows versi\\u00f3n 12.10.9. Un procesamiento de un archivo de texto malicioso puede conllevar a una ejecuci\\u00f3n de c\\u00f3digo arbitraria\"}]",
      "id": "CVE-2020-9999",
      "lastModified": "2024-11-21T05:41:40.180",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-12-08T20:15:18.357",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2020/Dec/32\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211931\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211952\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211843\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211844\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211850\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211935\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Dec/32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211931\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211843\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211844\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211850\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211935\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9999\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-12-08T20:15:18.357\",\"lastModified\":\"2024-11-21T05:41:40.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con una administraci\u00f3n de estado mejorada. Este problema se corrigi\u00f3 en MacOS Big Sur versi\u00f3n 11.0.1, iTunes para Windows versi\u00f3n 12.10.9. Un procesamiento de un archivo de texto malicioso puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"11.5.0\",\"matchCriteriaId\":\"83F73A4A-BF43-4F89-812D-FBDD33CDEF44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.10.9\",\"matchCriteriaId\":\"82AF1567-8217-464E-896E-874EBB0FE463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.0\",\"matchCriteriaId\":\"10CC9ED4-9AE1-415A-94FF-60CB209506CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.0\",\"matchCriteriaId\":\"16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0.1\",\"matchCriteriaId\":\"5CD08100-FC49-42F0-A226-0E5B523EC027\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.0\",\"matchCriteriaId\":\"0D16EC4D-D2E7-476D-BFBC-3703C8F0B45E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"C117BCCF-7789-40BB-AD25-1E712F6DCF7C\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2020/Dec/32\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211931\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211952\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211843\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211844\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211850\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211935\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Dec/32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211843\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-202012-1510

Vulnerability from variot - Updated: 2023-12-18 11:16

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of TTF fonts. Crafted data in a TTF file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1510",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.5.0"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.10.9"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.0"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.0"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.0"
      },
      {
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "itunes",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "7.0"
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "icloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "(apple watch series 3  or later )"
      },
      {
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9999"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9999"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mickey Jin \u0026 Junzhi Lu of Trend Micro Mobile Security Research Team",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1406"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-9999",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-9999",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-188124",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-9999",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-9999",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-9999",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-9999",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-1339",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-188124",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1406"
      },
      {
        "db": "VULHUB",
        "id": "VHN-188124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of TTF fonts. Crafted data in a TTF file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1406"
      },
      {
        "db": "VULHUB",
        "id": "VHN-188124"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9999",
        "trust": 3.3
      },
      {
        "db": "JVN",
        "id": "JVNVU92546061",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99462952",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU92370378",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11828",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1406",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4060",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4060.2",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1339",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-188124",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9999",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1406"
      },
      {
        "db": "VULHUB",
        "id": "VHN-188124"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ]
  },
  "id": "VAR-202012-1510",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-188124"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:16:00.572000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT211935 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211843"
      },
      {
        "title": "Multiple Apple Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=136409"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-188124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9999"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht211843"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht211844"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht211850"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht211935"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2020/dec/32"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht211931"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht211952"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9999"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92546061/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92370378/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99462952/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211935"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4060/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4060.2/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211844"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-188124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1406"
      },
      {
        "db": "VULHUB",
        "id": "VHN-188124"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1406"
      },
      {
        "date": "2020-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-188124"
      },
      {
        "date": "2020-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9999"
      },
      {
        "date": "2021-08-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "date": "2020-12-08T20:15:18.357000",
        "db": "NVD",
        "id": "CVE-2020-9999"
      },
      {
        "date": "2020-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1406"
      },
      {
        "date": "2021-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-188124"
      },
      {
        "date": "2021-03-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9999"
      },
      {
        "date": "2021-08-12T08:50:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2020-9999"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Apple\u00a0 Memory corruption vulnerability in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014249"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1339"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2020-9999

Vulnerability from fkie_nvd - Published: 2020-12-08 20:15 - Updated: 2024-11-21 05:41

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List, Third Party Advisory
product-security@apple.com	https://support.apple.com/en-us/HT211931	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT211952	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT211843	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT211844	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT211850	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT211935	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT211931	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT211952	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211843	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211844	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211850	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211935	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	icloud	*
apple	itunes	*
apple	ipados	*
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "83F73A4A-BF43-4F89-812D-FBDD33CDEF44",
              "versionEndExcluding": "11.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "82AF1567-8217-464E-896E-874EBB0FE463",
              "versionEndExcluding": "12.10.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CC9ED4-9AE1-415A-94FF-60CB209506CA",
              "versionEndExcluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF",
              "versionEndExcluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD08100-FC49-42F0-A226-0E5B523EC027",
              "versionEndExcluding": "11.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D16EC4D-D2E7-476D-BFBC-3703C8F0B45E",
              "versionEndExcluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C117BCCF-7789-40BB-AD25-1E712F6DCF7C",
              "versionEndExcluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con una administraci\u00f3n de estado mejorada. Este problema se corrigi\u00f3 en MacOS Big Sur versi\u00f3n 11.0.1, iTunes para Windows versi\u00f3n 12.10.9. Un procesamiento de un archivo de texto malicioso puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"
    }
  ],
  "id": "CVE-2020-9999",
  "lastModified": "2024-11-21T05:41:40.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-08T20:15:18.357",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211931"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211952"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT211843"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT211844"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT211850"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT211935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT211843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT211844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT211850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT211935"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2020-AVI-747

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS High Sierra versions 10.13.x versions antérieures à 10.13.6
Apple	Safari	Safari versions antérieures à 14.0.1
Apple	macOS	macOS Mojave versions 10.14.x versions antérieures à 10.14.6
Apple	macOS	macOS Big Sur versions 11.0.x versions antérieures à 11.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211934 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211946 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211931 du 12 novembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS High Sierra versions 10.13.x versions ant\u00e9rieures \u00e0 10.13.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions 10.14.x versions ant\u00e9rieures \u00e0 10.14.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.0.x versions ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27903"
    },
    {
      "name": "CVE-2020-9977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9977"
    },
    {
      "name": "CVE-2020-9945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9945"
    },
    {
      "name": "CVE-2020-9991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9991"
    },
    {
      "name": "CVE-2020-9941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9941"
    },
    {
      "name": "CVE-2020-9963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9963"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2020-27894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27894"
    },
    {
      "name": "CVE-2020-9883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9883"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-9944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9944"
    },
    {
      "name": "CVE-2020-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10016"
    },
    {
      "name": "CVE-2020-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9974"
    },
    {
      "name": "CVE-2020-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10003"
    },
    {
      "name": "CVE-2020-27906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27906"
    },
    {
      "name": "CVE-2020-27950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-9988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9988"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2020-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10009"
    },
    {
      "name": "CVE-2020-9849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9849"
    },
    {
      "name": "CVE-2020-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-9996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9996"
    },
    {
      "name": "CVE-2019-14899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
    },
    {
      "name": "CVE-2020-27930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"
    },
    {
      "name": "CVE-2020-9876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9876"
    },
    {
      "name": "CVE-2020-9999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9999"
    },
    {
      "name": "CVE-2020-10014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10014"
    },
    {
      "name": "CVE-2020-9949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9949"
    },
    {
      "name": "CVE-2020-10006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10006"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2020-9942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9942"
    },
    {
      "name": "CVE-2020-10007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10007"
    },
    {
      "name": "CVE-2020-10663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10663"
    },
    {
      "name": "CVE-2020-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10004"
    },
    {
      "name": "CVE-2020-9966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9966"
    },
    {
      "name": "CVE-2020-9965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9965"
    },
    {
      "name": "CVE-2020-13524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13524"
    },
    {
      "name": "CVE-2020-9969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9969"
    },
    {
      "name": "CVE-2020-27900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27900"
    },
    {
      "name": "CVE-2020-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10012"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2020-9989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9989"
    },
    {
      "name": "CVE-2020-27896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27896"
    },
    {
      "name": "CVE-2020-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
    },
    {
      "name": "CVE-2020-27898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27898"
    },
    {
      "name": "CVE-2020-27916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27916"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2020-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10017"
    },
    {
      "name": "CVE-2020-27910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27910"
    },
    {
      "name": "CVE-2020-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10010"
    },
    {
      "name": "CVE-2020-9943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9943"
    },
    {
      "name": "CVE-2020-27927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27927"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-747",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211934 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211934"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211946 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211946"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211931 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211931"
    }
  ]
}

CERTFR-2020-AVI-747

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS High Sierra versions 10.13.x versions antérieures à 10.13.6
Apple	Safari	Safari versions antérieures à 14.0.1
Apple	macOS	macOS Mojave versions 10.14.x versions antérieures à 10.14.6
Apple	macOS	macOS Big Sur versions 11.0.x versions antérieures à 11.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211934 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211946 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211931 du 12 novembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS High Sierra versions 10.13.x versions ant\u00e9rieures \u00e0 10.13.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions 10.14.x versions ant\u00e9rieures \u00e0 10.14.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.0.x versions ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27903"
    },
    {
      "name": "CVE-2020-9977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9977"
    },
    {
      "name": "CVE-2020-9945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9945"
    },
    {
      "name": "CVE-2020-9991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9991"
    },
    {
      "name": "CVE-2020-9941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9941"
    },
    {
      "name": "CVE-2020-9963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9963"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2020-27894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27894"
    },
    {
      "name": "CVE-2020-9883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9883"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-9944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9944"
    },
    {
      "name": "CVE-2020-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10016"
    },
    {
      "name": "CVE-2020-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9974"
    },
    {
      "name": "CVE-2020-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10003"
    },
    {
      "name": "CVE-2020-27906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27906"
    },
    {
      "name": "CVE-2020-27950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-9988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9988"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2020-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10009"
    },
    {
      "name": "CVE-2020-9849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9849"
    },
    {
      "name": "CVE-2020-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-9996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9996"
    },
    {
      "name": "CVE-2019-14899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
    },
    {
      "name": "CVE-2020-27930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"
    },
    {
      "name": "CVE-2020-9876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9876"
    },
    {
      "name": "CVE-2020-9999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9999"
    },
    {
      "name": "CVE-2020-10014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10014"
    },
    {
      "name": "CVE-2020-9949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9949"
    },
    {
      "name": "CVE-2020-10006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10006"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2020-9942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9942"
    },
    {
      "name": "CVE-2020-10007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10007"
    },
    {
      "name": "CVE-2020-10663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10663"
    },
    {
      "name": "CVE-2020-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10004"
    },
    {
      "name": "CVE-2020-9966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9966"
    },
    {
      "name": "CVE-2020-9965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9965"
    },
    {
      "name": "CVE-2020-13524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13524"
    },
    {
      "name": "CVE-2020-9969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9969"
    },
    {
      "name": "CVE-2020-27900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27900"
    },
    {
      "name": "CVE-2020-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10012"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2020-9989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9989"
    },
    {
      "name": "CVE-2020-27896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27896"
    },
    {
      "name": "CVE-2020-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
    },
    {
      "name": "CVE-2020-27898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27898"
    },
    {
      "name": "CVE-2020-27916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27916"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2020-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10017"
    },
    {
      "name": "CVE-2020-27910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27910"
    },
    {
      "name": "CVE-2020-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10010"
    },
    {
      "name": "CVE-2020-9943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9943"
    },
    {
      "name": "CVE-2020-27927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27927"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-747",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211934 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211934"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211946 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211946"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211931 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211931"
    }
  ]
}

GSD-2020-9999

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-9999

Aliases

CVE-2020-9999

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9999",
    "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.",
    "id": "GSD-2020-9999"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9999"
      ],
      "details": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.",
      "id": "GSD-2020-9999",
      "modified": "2023-12-13T01:21:52.619135Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-9999",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing a maliciously crafted text file may lead to arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/kb/HT211843",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211843"
          },
          {
            "name": "https://support.apple.com/kb/HT211850",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211850"
          },
          {
            "name": "https://support.apple.com/kb/HT211844",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211844"
          },
          {
            "name": "https://support.apple.com/kb/HT211935",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211935"
          },
          {
            "name": "https://support.apple.com/en-us/HT211931",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT211931"
          },
          {
            "name": "https://support.apple.com/en-us/HT211952",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT211952"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9999"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT211931",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT211931"
            },
            {
              "name": "https://support.apple.com/en-us/HT211952",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT211952"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
            },
            {
              "name": "https://support.apple.com/kb/HT211843",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211843"
            },
            {
              "name": "https://support.apple.com/kb/HT211850",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211850"
            },
            {
              "name": "https://support.apple.com/kb/HT211935",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211935"
            },
            {
              "name": "https://support.apple.com/kb/HT211844",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211844"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-12-08T20:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9999 (GCVE-0-2020-9999)

VAR-202012-1510

FKIE_CVE-2020-9999

CERTFR-2020-AVI-747

Solution

CERTFR-2020-AVI-747

Solution

GSD-2020-9999

Tags

Sightings

Nomenclature