var-201912-1845
Vulnerability from variot
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple Safari prior to 13.0.3; iOS prior to 13.2; iPadOS prior to 13.2; tvOS prior to 13.2; Windows-based iCloud prior to 11.0; Windows-based iTunes prior to 12.10.2; Windows-based versions of iCloud prior to 7.15.
Installation note:
Safari 13.0.3 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary:
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)
Security Fix(es):
- webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: webkitgtk4-2.28.2-2.el7.src.rpm
x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: webkitgtk4-2.28.2-2.el7.src.rpm
x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: webkitgtk4-2.28.2-2.el7.src.rpm
ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm
ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm
s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm
x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm
s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: webkitgtk4-2.28.2-2.el7.src.rpm
x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z rNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01 RYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM XVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK R8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1 PWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467 eGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX rXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ 1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe PJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr w5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh PKg+HFNkMjk=dS3G -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006
Date reported : November 08, 2019 Advisory ID : WSA-2019-0006 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0006.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0006.html CVE identifiers : CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
CVE-2019-8710 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to found by OSS-Fuzz.
CVE-2019-8743 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to zhunki from Codesafe Team of Legendsec at Qi'anxin Group.
CVE-2019-8764 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8765 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Samuel Groß of Google Project Zero.
CVE-2019-8766 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to found by OSS-Fuzz.
CVE-2019-8782 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8783 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Cheolung Lee of LINE+ Graylab Security Team.
CVE-2019-8808 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to found by OSS-Fuzz.
CVE-2019-8811 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Soyeon Park of SSLab at Georgia Tech.
CVE-2019-8812 Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before 2.26.2. Credit to an anonymous researcher.
CVE-2019-8813 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to an anonymous researcher.
CVE-2019-8814 Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before 2.26.2. Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8815 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to Apple.
CVE-2019-8816 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Soyeon Park of SSLab at Georgia Tech.
CVE-2019-8819 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8820 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Samuel Groß of Google Project Zero.
CVE-2019-8821 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8822 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8823 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Sergei Glazunov of Google Project Zero.
We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.
Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.
The WebKitGTK and WPE WebKit team, November 08, 2019
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-22
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 15, 2020 Bugs: #699156, #706374, #709612 ID: 202003-22
Synopsis
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.26.4 >= 2.26.4
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
Impact
A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4"
References
[ 1 ] CVE-2019-8625 https://nvd.nist.gov/vuln/detail/CVE-2019-8625 [ 2 ] CVE-2019-8674 https://nvd.nist.gov/vuln/detail/CVE-2019-8674 [ 3 ] CVE-2019-8707 https://nvd.nist.gov/vuln/detail/CVE-2019-8707 [ 4 ] CVE-2019-8710 https://nvd.nist.gov/vuln/detail/CVE-2019-8710 [ 5 ] CVE-2019-8719 https://nvd.nist.gov/vuln/detail/CVE-2019-8719 [ 6 ] CVE-2019-8720 https://nvd.nist.gov/vuln/detail/CVE-2019-8720 [ 7 ] CVE-2019-8726 https://nvd.nist.gov/vuln/detail/CVE-2019-8726 [ 8 ] CVE-2019-8733 https://nvd.nist.gov/vuln/detail/CVE-2019-8733 [ 9 ] CVE-2019-8735 https://nvd.nist.gov/vuln/detail/CVE-2019-8735 [ 10 ] CVE-2019-8743 https://nvd.nist.gov/vuln/detail/CVE-2019-8743 [ 11 ] CVE-2019-8763 https://nvd.nist.gov/vuln/detail/CVE-2019-8763 [ 12 ] CVE-2019-8764 https://nvd.nist.gov/vuln/detail/CVE-2019-8764 [ 13 ] CVE-2019-8765 https://nvd.nist.gov/vuln/detail/CVE-2019-8765 [ 14 ] CVE-2019-8766 https://nvd.nist.gov/vuln/detail/CVE-2019-8766 [ 15 ] CVE-2019-8768 https://nvd.nist.gov/vuln/detail/CVE-2019-8768 [ 16 ] CVE-2019-8769 https://nvd.nist.gov/vuln/detail/CVE-2019-8769 [ 17 ] CVE-2019-8771 https://nvd.nist.gov/vuln/detail/CVE-2019-8771 [ 18 ] CVE-2019-8782 https://nvd.nist.gov/vuln/detail/CVE-2019-8782 [ 19 ] CVE-2019-8783 https://nvd.nist.gov/vuln/detail/CVE-2019-8783 [ 20 ] CVE-2019-8808 https://nvd.nist.gov/vuln/detail/CVE-2019-8808 [ 21 ] CVE-2019-8811 https://nvd.nist.gov/vuln/detail/CVE-2019-8811 [ 22 ] CVE-2019-8812 https://nvd.nist.gov/vuln/detail/CVE-2019-8812 [ 23 ] CVE-2019-8813 https://nvd.nist.gov/vuln/detail/CVE-2019-8813 [ 24 ] CVE-2019-8814 https://nvd.nist.gov/vuln/detail/CVE-2019-8814 [ 25 ] CVE-2019-8815 https://nvd.nist.gov/vuln/detail/CVE-2019-8815 [ 26 ] CVE-2019-8816 https://nvd.nist.gov/vuln/detail/CVE-2019-8816 [ 27 ] CVE-2019-8819 https://nvd.nist.gov/vuln/detail/CVE-2019-8819 [ 28 ] CVE-2019-8820 https://nvd.nist.gov/vuln/detail/CVE-2019-8820 [ 29 ] CVE-2019-8821 https://nvd.nist.gov/vuln/detail/CVE-2019-8821 [ 30 ] CVE-2019-8822 https://nvd.nist.gov/vuln/detail/CVE-2019-8822 [ 31 ] CVE-2019-8823 https://nvd.nist.gov/vuln/detail/CVE-2019-8823 [ 32 ] CVE-2019-8835 https://nvd.nist.gov/vuln/detail/CVE-2019-8835 [ 33 ] CVE-2019-8844 https://nvd.nist.gov/vuln/detail/CVE-2019-8844 [ 34 ] CVE-2019-8846 https://nvd.nist.gov/vuln/detail/CVE-2019-8846 [ 35 ] CVE-2020-3862 https://nvd.nist.gov/vuln/detail/CVE-2020-3862 [ 36 ] CVE-2020-3864 https://nvd.nist.gov/vuln/detail/CVE-2020-3864 [ 37 ] CVE-2020-3865 https://nvd.nist.gov/vuln/detail/CVE-2020-3865 [ 38 ] CVE-2020-3867 https://nvd.nist.gov/vuln/detail/CVE-2020-3867 [ 39 ] CVE-2020-3868 https://nvd.nist.gov/vuln/detail/CVE-2020-3868
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-22
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2
iOS 13.2 and iPadOS 13.2 are now available and address the following:
Accounts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt
App Store Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)
Associated Domains Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Improper URL processing may lead to data exfiltration Description: An issue existed in the parsing of URLs. CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli Rikama of Zero Keyboard Ltd
Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8785: Ian Beer of Google Project Zero CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure
AVEVideoEncoder Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8795: 08Tc3wBB working with SSD Secure Disclosure
Books Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A validation issue existed in the handling of symlinks. CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven
Contacts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)
File System Events Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative
Graphics Driver Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8786: an anonymous researcher
Screen Time Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to record the screen without a visible screen recording indicator Description: A consistency issue existed in deciding when to show the screen recording indicator. CVE-2019-8793: Ryan Jenkins of Lake Forrest Prep School
Setup Assistant Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An inconsistency in Wi-Fi network configuration settings was addressed. CVE-2019-8804: Christy Philip Mathew of Zimperium, Inc
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8813: an anonymous researcher
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8782: Cheolung Lee of LINE+ Security Team CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: an anonymous researcher CVE-2019-8814: Cheolung Lee of LINE+ Security Team CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8819: Cheolung Lee of LINE+ Security Team CVE-2019-8820: Samuel Groß of Google Project Zero CVE-2019-8821: Sergei Glazunov of Google Project Zero CVE-2019-8822: Sergei Glazunov of Google Project Zero CVE-2019-8823: Sergei Glazunov of Google Project Zero
WebKit Process Model Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8815: Apple
Additional recognition
CFNetwork We would like to acknowledge Lily Chen of Google for their assistance.
WebKit We would like to acknowledge Dlive of Tencent's Xuanwu Lab and Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 13.2 and iPadOS 13.2"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1845",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.10.2"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.15"
},
{
"model": "icloud",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.2"
},
{
"model": "icloud",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.4"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.2"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.2"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0.3"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 11.0 earlier"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.15 earlier"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.2 earlier"
},
{
"model": "ipados",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.2 earlier"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.10.2 for windows earlier"
},
{
"model": "macos catalina",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.15.1 earlier"
},
{
"model": "macos high sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.13.6 (security update 2019-006 not applied )"
},
{
"model": "macos mojave",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.14.6 (security update 2019-001 not applied )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.0.3 earlier"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.2 earlier"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 earlier"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.2 earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "NVD",
"id": "CVE-2019-8822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "7.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "10.4",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "12.10.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8822"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Security Research,Apple,WebKitGTK+ Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
],
"trust": 0.6
},
"cve": "CVE-2019-8822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-160257",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-8822",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1758",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160257",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160257"
},
{
"db": "NVD",
"id": "CVE-2019-8822"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple Safari prior to 13.0.3; iOS prior to 13.2; iPadOS prior to 13.2; tvOS prior to 13.2; Windows-based iCloud prior to 11.0; Windows-based iTunes prior to 12.10.2; Windows-based versions of iCloud prior to 7.15. \n\nInstallation note:\n\nSafari 13.0.3 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:4035-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4035\nIssue date: 2020-09-29\nCVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506\n CVE-2019-8524 CVE-2019-8535 CVE-2019-8536\n CVE-2019-8544 CVE-2019-8551 CVE-2019-8558\n CVE-2019-8559 CVE-2019-8563 CVE-2019-8571\n CVE-2019-8583 CVE-2019-8584 CVE-2019-8586\n CVE-2019-8587 CVE-2019-8594 CVE-2019-8595\n CVE-2019-8596 CVE-2019-8597 CVE-2019-8601\n CVE-2019-8607 CVE-2019-8608 CVE-2019-8609\n CVE-2019-8610 CVE-2019-8611 CVE-2019-8615\n CVE-2019-8619 CVE-2019-8622 CVE-2019-8623\n CVE-2019-8625 CVE-2019-8644 CVE-2019-8649\n CVE-2019-8658 CVE-2019-8666 CVE-2019-8669\n CVE-2019-8671 CVE-2019-8672 CVE-2019-8673\n CVE-2019-8674 CVE-2019-8676 CVE-2019-8677\n CVE-2019-8678 CVE-2019-8679 CVE-2019-8680\n CVE-2019-8681 CVE-2019-8683 CVE-2019-8684\n CVE-2019-8686 CVE-2019-8687 CVE-2019-8688\n CVE-2019-8689 CVE-2019-8690 CVE-2019-8707\n CVE-2019-8710 CVE-2019-8719 CVE-2019-8720\n CVE-2019-8726 CVE-2019-8733 CVE-2019-8735\n CVE-2019-8743 CVE-2019-8763 CVE-2019-8764\n CVE-2019-8765 CVE-2019-8766 CVE-2019-8768\n CVE-2019-8769 CVE-2019-8771 CVE-2019-8782\n CVE-2019-8783 CVE-2019-8808 CVE-2019-8811\n CVE-2019-8812 CVE-2019-8813 CVE-2019-8814\n CVE-2019-8815 CVE-2019-8816 CVE-2019-8819\n CVE-2019-8820 CVE-2019-8821 CVE-2019-8822\n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844\n CVE-2019-8846 CVE-2019-11070 CVE-2020-3862\n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867\n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894\n CVE-2020-3895 CVE-2020-3897 CVE-2020-3899\n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902\n CVE-2020-10018 CVE-2020-11793\n====================================================================\n1. Summary:\n\nAn update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nWebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+\nplatform. These packages provide WebKitGTK+ for GTK+ 3. \n\nThe following packages have been upgraded to a later upstream version:\nwebkitgtk4 (2.28.2). (BZ#1817144)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251,\nCVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,\nCVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571,\nCVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594,\nCVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,\nCVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615,\nCVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644,\nCVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671,\nCVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677,\nCVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,\nCVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689,\nCVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720,\nCVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763,\nCVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769,\nCVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,\nCVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,\nCVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823,\nCVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862,\nCVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885,\nCVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900,\nCVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-2.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-2.el7.i686.rpm\nwebkitgtk4-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-2.el7.noarch.rpm\n\nx86_64:\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-2.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-2.el7.i686.rpm\nwebkitgtk4-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-2.el7.noarch.rpm\n\nx86_64:\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-2.el7.src.rpm\n\nppc64:\nwebkitgtk4-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-2.28.2-2.el7.ppc64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm\n\nppc64le:\nwebkitgtk4-2.28.2-2.el7.ppc64le.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm\nwebkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm\n\ns390x:\nwebkitgtk4-2.28.2-2.el7.s390.rpm\nwebkitgtk4-2.28.2-2.el7.s390x.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.s390.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.s390x.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-2.el7.i686.rpm\nwebkitgtk4-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-2.el7.noarch.rpm\n\nppc64:\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-devel-2.28.2-2.el7.ppc64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm\n\ns390x:\nwebkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm\nwebkitgtk4-devel-2.28.2-2.el7.s390.rpm\nwebkitgtk4-devel-2.28.2-2.el7.s390x.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-2.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-2.el7.i686.rpm\nwebkitgtk4-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-2.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-6237\nhttps://access.redhat.com/security/cve/CVE-2019-6251\nhttps://access.redhat.com/security/cve/CVE-2019-8506\nhttps://access.redhat.com/security/cve/CVE-2019-8524\nhttps://access.redhat.com/security/cve/CVE-2019-8535\nhttps://access.redhat.com/security/cve/CVE-2019-8536\nhttps://access.redhat.com/security/cve/CVE-2019-8544\nhttps://access.redhat.com/security/cve/CVE-2019-8551\nhttps://access.redhat.com/security/cve/CVE-2019-8558\nhttps://access.redhat.com/security/cve/CVE-2019-8559\nhttps://access.redhat.com/security/cve/CVE-2019-8563\nhttps://access.redhat.com/security/cve/CVE-2019-8571\nhttps://access.redhat.com/security/cve/CVE-2019-8583\nhttps://access.redhat.com/security/cve/CVE-2019-8584\nhttps://access.redhat.com/security/cve/CVE-2019-8586\nhttps://access.redhat.com/security/cve/CVE-2019-8587\nhttps://access.redhat.com/security/cve/CVE-2019-8594\nhttps://access.redhat.com/security/cve/CVE-2019-8595\nhttps://access.redhat.com/security/cve/CVE-2019-8596\nhttps://access.redhat.com/security/cve/CVE-2019-8597\nhttps://access.redhat.com/security/cve/CVE-2019-8601\nhttps://access.redhat.com/security/cve/CVE-2019-8607\nhttps://access.redhat.com/security/cve/CVE-2019-8608\nhttps://access.redhat.com/security/cve/CVE-2019-8609\nhttps://access.redhat.com/security/cve/CVE-2019-8610\nhttps://access.redhat.com/security/cve/CVE-2019-8611\nhttps://access.redhat.com/security/cve/CVE-2019-8615\nhttps://access.redhat.com/security/cve/CVE-2019-8619\nhttps://access.redhat.com/security/cve/CVE-2019-8622\nhttps://access.redhat.com/security/cve/CVE-2019-8623\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8644\nhttps://access.redhat.com/security/cve/CVE-2019-8649\nhttps://access.redhat.com/security/cve/CVE-2019-8658\nhttps://access.redhat.com/security/cve/CVE-2019-8666\nhttps://access.redhat.com/security/cve/CVE-2019-8669\nhttps://access.redhat.com/security/cve/CVE-2019-8671\nhttps://access.redhat.com/security/cve/CVE-2019-8672\nhttps://access.redhat.com/security/cve/CVE-2019-8673\nhttps://access.redhat.com/security/cve/CVE-2019-8674\nhttps://access.redhat.com/security/cve/CVE-2019-8676\nhttps://access.redhat.com/security/cve/CVE-2019-8677\nhttps://access.redhat.com/security/cve/CVE-2019-8678\nhttps://access.redhat.com/security/cve/CVE-2019-8679\nhttps://access.redhat.com/security/cve/CVE-2019-8680\nhttps://access.redhat.com/security/cve/CVE-2019-8681\nhttps://access.redhat.com/security/cve/CVE-2019-8683\nhttps://access.redhat.com/security/cve/CVE-2019-8684\nhttps://access.redhat.com/security/cve/CVE-2019-8686\nhttps://access.redhat.com/security/cve/CVE-2019-8687\nhttps://access.redhat.com/security/cve/CVE-2019-8688\nhttps://access.redhat.com/security/cve/CVE-2019-8689\nhttps://access.redhat.com/security/cve/CVE-2019-8690\nhttps://access.redhat.com/security/cve/CVE-2019-8707\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8719\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8726\nhttps://access.redhat.com/security/cve/CVE-2019-8733\nhttps://access.redhat.com/security/cve/CVE-2019-8735\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8763\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8765\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8768\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8821\nhttps://access.redhat.com/security/cve/CVE-2019-8822\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-11070\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z\nrNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01\nRYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM\nXVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK\nR8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1\nPWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467\neGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX\nrXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ\n1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe\nPJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr\nw5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh\nPKg+HFNkMjk=dS3G\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ------------------------------------------------------------------------\nWebKitGTK and WPE WebKit Security Advisory WSA-2019-0006\n------------------------------------------------------------------------\n\nDate reported : November 08, 2019\nAdvisory ID : WSA-2019-0006\nWebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0006.html\nWPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0006.html\nCVE identifiers : CVE-2019-8710, CVE-2019-8743, CVE-2019-8764,\n CVE-2019-8765, CVE-2019-8766, CVE-2019-8782,\n CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,\n CVE-2019-8812, CVE-2019-8813, CVE-2019-8814,\n CVE-2019-8815, CVE-2019-8816, CVE-2019-8819,\n CVE-2019-8820, CVE-2019-8821, CVE-2019-8822,\n CVE-2019-8823. \n\nSeveral vulnerabilities were discovered in WebKitGTK and WPE WebKit. \n\nCVE-2019-8710\n Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before\n 2.26.0. \n Credit to found by OSS-Fuzz. \n\nCVE-2019-8743\n Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before\n 2.26.0. \n Credit to zhunki from Codesafe Team of Legendsec at Qi\u0027anxin Group. \n\nCVE-2019-8764\n Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before\n 2.26.0. \n Credit to Sergei Glazunov of Google Project Zero. \n\nCVE-2019-8765\n Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before\n 2.24.3. \n Credit to Samuel Gro\u00df of Google Project Zero. \n\nCVE-2019-8766\n Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before\n 2.26.0. \n Credit to found by OSS-Fuzz. \n\nCVE-2019-8782\n Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before\n 2.26.0. \n Credit to Cheolung Lee of LINE+ Security Team. \n\nCVE-2019-8783\n Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before\n 2.26.1. \n Credit to Cheolung Lee of LINE+ Graylab Security Team. \n\nCVE-2019-8808\n Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before\n 2.26.0. \n Credit to found by OSS-Fuzz. \n\nCVE-2019-8811\n Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before\n 2.26.1. \n Credit to Soyeon Park of SSLab at Georgia Tech. \n\nCVE-2019-8812\n Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before\n 2.26.2. \n Credit to an anonymous researcher. \n\nCVE-2019-8813\n Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before\n 2.26.1. \n Credit to an anonymous researcher. \n\nCVE-2019-8814\n Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before\n 2.26.2. \n Credit to Cheolung Lee of LINE+ Security Team. \n\nCVE-2019-8815\n Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before\n 2.26.0. \n Credit to Apple. \n\nCVE-2019-8816\n Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before\n 2.26.1. \n Credit to Soyeon Park of SSLab at Georgia Tech. \n\nCVE-2019-8819\n Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before\n 2.26.1. \n Credit to Cheolung Lee of LINE+ Security Team. \n\nCVE-2019-8820\n Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before\n 2.26.1. \n Credit to Samuel Gro\u00df of Google Project Zero. \n\nCVE-2019-8821\n Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before\n 2.24.3. \n Credit to Sergei Glazunov of Google Project Zero. \n\nCVE-2019-8822\n Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before\n 2.24.3. \n Credit to Sergei Glazunov of Google Project Zero. \n\nCVE-2019-8823\n Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before\n 2.26.1. \n Credit to Sergei Glazunov of Google Project Zero. \n\n\nWe recommend updating to the latest stable versions of WebKitGTK and WPE\nWebKit. It is the best way to ensure that you are running safe versions\nof WebKit. Please check our websites for information about the latest\nstable releases. \n\nFurther information about WebKitGTK and WPE WebKit security advisories\ncan be found at: https://webkitgtk.org/security.html or\nhttps://wpewebkit.org/security/. \n\nThe WebKitGTK and WPE WebKit team,\nNovember 08, 2019\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: March 15, 2020\n Bugs: #699156, #706374, #709612\n ID: 202003-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich may lead to arbitrary code execution. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.26.4 \u003e= 2.26.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nImpact\n======\n\nA remote attacker could execute arbitrary code, cause a Denial of\nService condition, bypass intended memory-read restrictions, conduct a\ntiming side-channel attack to bypass the Same Origin Policy or obtain\nsensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.26.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-8625\n https://nvd.nist.gov/vuln/detail/CVE-2019-8625\n[ 2 ] CVE-2019-8674\n https://nvd.nist.gov/vuln/detail/CVE-2019-8674\n[ 3 ] CVE-2019-8707\n https://nvd.nist.gov/vuln/detail/CVE-2019-8707\n[ 4 ] CVE-2019-8710\n https://nvd.nist.gov/vuln/detail/CVE-2019-8710\n[ 5 ] CVE-2019-8719\n https://nvd.nist.gov/vuln/detail/CVE-2019-8719\n[ 6 ] CVE-2019-8720\n https://nvd.nist.gov/vuln/detail/CVE-2019-8720\n[ 7 ] CVE-2019-8726\n https://nvd.nist.gov/vuln/detail/CVE-2019-8726\n[ 8 ] CVE-2019-8733\n https://nvd.nist.gov/vuln/detail/CVE-2019-8733\n[ 9 ] CVE-2019-8735\n https://nvd.nist.gov/vuln/detail/CVE-2019-8735\n[ 10 ] CVE-2019-8743\n https://nvd.nist.gov/vuln/detail/CVE-2019-8743\n[ 11 ] CVE-2019-8763\n https://nvd.nist.gov/vuln/detail/CVE-2019-8763\n[ 12 ] CVE-2019-8764\n https://nvd.nist.gov/vuln/detail/CVE-2019-8764\n[ 13 ] CVE-2019-8765\n https://nvd.nist.gov/vuln/detail/CVE-2019-8765\n[ 14 ] CVE-2019-8766\n https://nvd.nist.gov/vuln/detail/CVE-2019-8766\n[ 15 ] CVE-2019-8768\n https://nvd.nist.gov/vuln/detail/CVE-2019-8768\n[ 16 ] CVE-2019-8769\n https://nvd.nist.gov/vuln/detail/CVE-2019-8769\n[ 17 ] CVE-2019-8771\n https://nvd.nist.gov/vuln/detail/CVE-2019-8771\n[ 18 ] CVE-2019-8782\n https://nvd.nist.gov/vuln/detail/CVE-2019-8782\n[ 19 ] CVE-2019-8783\n https://nvd.nist.gov/vuln/detail/CVE-2019-8783\n[ 20 ] CVE-2019-8808\n https://nvd.nist.gov/vuln/detail/CVE-2019-8808\n[ 21 ] CVE-2019-8811\n https://nvd.nist.gov/vuln/detail/CVE-2019-8811\n[ 22 ] CVE-2019-8812\n https://nvd.nist.gov/vuln/detail/CVE-2019-8812\n[ 23 ] CVE-2019-8813\n https://nvd.nist.gov/vuln/detail/CVE-2019-8813\n[ 24 ] CVE-2019-8814\n https://nvd.nist.gov/vuln/detail/CVE-2019-8814\n[ 25 ] CVE-2019-8815\n https://nvd.nist.gov/vuln/detail/CVE-2019-8815\n[ 26 ] CVE-2019-8816\n https://nvd.nist.gov/vuln/detail/CVE-2019-8816\n[ 27 ] CVE-2019-8819\n https://nvd.nist.gov/vuln/detail/CVE-2019-8819\n[ 28 ] CVE-2019-8820\n https://nvd.nist.gov/vuln/detail/CVE-2019-8820\n[ 29 ] CVE-2019-8821\n https://nvd.nist.gov/vuln/detail/CVE-2019-8821\n[ 30 ] CVE-2019-8822\n https://nvd.nist.gov/vuln/detail/CVE-2019-8822\n[ 31 ] CVE-2019-8823\n https://nvd.nist.gov/vuln/detail/CVE-2019-8823\n[ 32 ] CVE-2019-8835\n https://nvd.nist.gov/vuln/detail/CVE-2019-8835\n[ 33 ] CVE-2019-8844\n https://nvd.nist.gov/vuln/detail/CVE-2019-8844\n[ 34 ] CVE-2019-8846\n https://nvd.nist.gov/vuln/detail/CVE-2019-8846\n[ 35 ] CVE-2020-3862\n https://nvd.nist.gov/vuln/detail/CVE-2020-3862\n[ 36 ] CVE-2020-3864\n https://nvd.nist.gov/vuln/detail/CVE-2020-3864\n[ 37 ] CVE-2020-3865\n https://nvd.nist.gov/vuln/detail/CVE-2020-3865\n[ 38 ] CVE-2020-3867\n https://nvd.nist.gov/vuln/detail/CVE-2020-3867\n[ 39 ] CVE-2020-3868\n https://nvd.nist.gov/vuln/detail/CVE-2020-3868\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2\n\niOS 13.2 and iPadOS 13.2 are now available and address the following:\n\nAccounts\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at\nTechnische Universit\u00e4t Darmstadt\n\nApp Store\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local attacker may be able to login to the account of a\npreviously logged in user without valid credentials. \nCVE-2019-8803: Kiyeon An, \ucc28\ubbfc\uaddc (CHA Minkyu)\n\nAssociated Domains\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Improper URL processing may lead to data exfiltration\nDescription: An issue existed in the parsing of URLs. \nCVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli\nRikama of Zero Keyboard Ltd\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8785: Ian Beer of Google Project Zero\nCVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure\n\nAVEVideoEncoder\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8795: 08Tc3wBB working with SSD Secure Disclosure\n\nBooks\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven\n\nContacts\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously contact may lead to UI spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\nFile System Events\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8798: ABC Research s.r.o. working with Trend Micro\u0027s Zero\nDay Initiative\n\nGraphics Driver\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8786: an anonymous researcher\n\nScreen Time\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local user may be able to record the screen without a\nvisible screen recording indicator\nDescription: A consistency issue existed in deciding when to show the\nscreen recording indicator. \nCVE-2019-8793: Ryan Jenkins of Lake Forrest Prep School\n\nSetup Assistant\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker in physical proximity may be able to force a user\nonto a malicious Wi-Fi network during device setup\nDescription: An inconsistency in Wi-Fi network configuration settings\nwas addressed. \nCVE-2019-8804: Christy Philip Mathew of Zimperium, Inc\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8813: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-8782: Cheolung Lee of LINE+ Security Team\nCVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team\nCVE-2019-8808: found by OSS-Fuzz\nCVE-2019-8811: Soyeon Park of SSLab at Georgia Tech\nCVE-2019-8812: an anonymous researcher\nCVE-2019-8814: Cheolung Lee of LINE+ Security Team\nCVE-2019-8816: Soyeon Park of SSLab at Georgia Tech\nCVE-2019-8819: Cheolung Lee of LINE+ Security Team\nCVE-2019-8820: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8821: Sergei Glazunov of Google Project Zero\nCVE-2019-8822: Sergei Glazunov of Google Project Zero\nCVE-2019-8823: Sergei Glazunov of Google Project Zero\n\nWebKit Process Model\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-8815: Apple\n\nAdditional recognition\n\nCFNetwork\nWe would like to acknowledge Lily Chen of Google for their\nassistance. \n\nWebKit\nWe would like to acknowledge Dlive of Tencent\u0027s Xuanwu Lab and Zhiyi\nZhang of Codesafe Team of Legendsec at Qi\u0027anxin Group for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.2 and iPadOS 13.2\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "VULHUB",
"id": "VHN-160257"
},
{
"db": "PACKETSTORM",
"id": "155069"
},
{
"db": "PACKETSTORM",
"id": "155059"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "155216"
},
{
"db": "PACKETSTORM",
"id": "156742"
},
{
"db": "PACKETSTORM",
"id": "155058"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8822",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU96749516",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1758",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155179",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155069",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155216",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3399",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4456",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4012",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4233",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155059",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159375",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155058",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160257"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "PACKETSTORM",
"id": "155069"
},
{
"db": "PACKETSTORM",
"id": "155059"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "155216"
},
{
"db": "PACKETSTORM",
"id": "156742"
},
{
"db": "PACKETSTORM",
"id": "155058"
},
{
"db": "NVD",
"id": "CVE-2019-8822"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
]
},
"id": "VAR-201912-1845",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160257"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:21:58.702000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the security content of iCloud for Windows 11.0",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210727"
},
{
"title": "About the security content of iCloud for Windows 7.15",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210728"
},
{
"title": "About the security content of iOS 13.2 and iPadOS 13.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210721"
},
{
"title": "About the security content of Xcode 11.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210729"
},
{
"title": "About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210722"
},
{
"title": "About the security content of tvOS 13.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210723"
},
{
"title": "About the security content of watchOS 6.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210724"
},
{
"title": "About the security content of Safari 13.0.3",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210725"
},
{
"title": "About the security content of iTunes 12.10.2 for Windows",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210726"
},
{
"title": "Mac \u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b macOS \u3092\u8abf\u3079\u308b",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht201260"
},
{
"title": "Multiple Apple product WebKit Fix for component buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105604"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160257"
},
{
"db": "NVD",
"id": "CVE-2019-8822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8822"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202003-22"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht210721"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht210723"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht210725"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht210726"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht210727"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht210728"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8823"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8814"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8815"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8816"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8819"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8820"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8821"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8785"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8797"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8786"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8798"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8765"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8787"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8803"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8794"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8795"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8788"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8804"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8789"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8793"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8784"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8735"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8788"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8803"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8815"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8766"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8735"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8789"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8804"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8816"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8775"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8793"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8805"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8710"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8819"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8782"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8794"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8807"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8743"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8820"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8783"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8795"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8811"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8747"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8821"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8784"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8797"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8812"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8750"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8822"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8785"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8798"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8813"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8764"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8823"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8786"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8802"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8814"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8765"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8787"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96749516/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8802"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8775"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8805"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8807"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8747"
},
{
"trust": 0.7,
"url": "https://wpewebkit.org/security/wsa-2019-0006.html"
},
{
"trust": 0.7,
"url": "https://webkitgtk.org/security/wsa-2019-0006.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht201222"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193044-1.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210725"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4012/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155179/webkit-noderaredata-m/connectedframecount-integer-overflow-uxss-type-confusion.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4233/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210728"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-30746"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155069/apple-security-advisory-2019-10-29-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3399/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155216/webkitgtk-wpe-webkit-code-execution-xss.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4456/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8707"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8551"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8669"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8551"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8680"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8683"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8649"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://wpewebkit.org/security/."
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8707"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160257"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "PACKETSTORM",
"id": "155069"
},
{
"db": "PACKETSTORM",
"id": "155059"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "155216"
},
{
"db": "PACKETSTORM",
"id": "156742"
},
{
"db": "PACKETSTORM",
"id": "155058"
},
{
"db": "NVD",
"id": "CVE-2019-8822"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160257"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "PACKETSTORM",
"id": "155069"
},
{
"db": "PACKETSTORM",
"id": "155059"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "155216"
},
{
"db": "PACKETSTORM",
"id": "156742"
},
{
"db": "PACKETSTORM",
"id": "155058"
},
{
"db": "NVD",
"id": "CVE-2019-8822"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160257"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"date": "2019-11-01T17:11:43",
"db": "PACKETSTORM",
"id": "155069"
},
{
"date": "2019-11-01T17:06:21",
"db": "PACKETSTORM",
"id": "155059"
},
{
"date": "2020-09-30T15:47:21",
"db": "PACKETSTORM",
"id": "159375"
},
{
"date": "2019-11-08T15:45:31",
"db": "PACKETSTORM",
"id": "155216"
},
{
"date": "2020-03-15T14:00:23",
"db": "PACKETSTORM",
"id": "156742"
},
{
"date": "2019-11-01T17:05:53",
"db": "PACKETSTORM",
"id": "155058"
},
{
"date": "2019-12-18T18:15:44.740000",
"db": "NVD",
"id": "CVE-2019-8822"
},
{
"date": "2019-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-160257"
},
{
"date": "2020-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"date": "2021-12-01T17:44:22.140000",
"db": "NVD",
"id": "CVE-2019-8822"
},
{
"date": "2021-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Updates to product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1758"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.