var-202002-1152
Vulnerability from variot

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple tvOS is a smart TV operating system. The product supports storage of music, photos, App and contacts, etc. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based iCloud versions prior to 10.9.2 and 7.17; Windows-based iTunes versions prior to 12.10.4; Apple tvOS versions prior to 13.3.1; Safari versions prior to 13.0.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

iCloud for Windows 10.9.2 is now available and addresses the following:

ImageIO Available for: Windows 10 and later via the Microsoft Store Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3826: Samuel Groß of Google Project Zero

libxml2 Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-3846: Ranier Vilela

WebKit Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-3825: Przemysław Sporysz of Euvic CVE-2020-3868: Marcin Towalski of Cisco Talos

WebKit Available for: Windows 10 and later via the Microsoft Store Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved memory handling. CVE-2020-3865: Ryan Pickren (ryanpickren.com)

Installation note:

iCloud for Windows 10.9.2 may be obtained from: https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4x9jMACgkQBz4uGe3y 0M1Apw/+PrQvBheHkxIo2XjPOyTxO+M8mlaU+6gY7Ue14zivPO20JqRLb34FyNfh iE+RSJ3NB/0cdZIUH1xcrKzK+tmVFVETJaBmLmoTHBy3946DQtUvditLfTHYnYzC peJbdG4UyevVwf/AoED5iI89lf/ADOWm9Xu0LVtvDKyTAFewQp9oOlG731twL9iI 6ojuzYokYzJSWcDlLMTFB4sDpZsNEz2Crf+WZ44r5bHKcSTi7HzS+OPueQ6dSdqi Y9ioDv/SB0dnLJZE2wq6eaFL2t7eXelYUSL7SekXI4aYQkhaOQFabutFuYNoOX4e +ctnbSdVT5WjG7tyg9L7bl4m1q8GgH43OLBmA1Z/gps004PHMQ87cRRjvGGKIQOf YMI0VBqFc6cAnDYh4Oun31gbg9Y1llYYwTQex7gjx9U+v3FKOaxWxQg8N9y4d2+v qsStr7HKVKcRE/LyEx4fA44VoKNHyHZ4LtQSeX998MTapyH5XbbHEWr/K4TcJ8ij 6Zv/GkUKeINDJbRFhiMJtGThTw5dba5sfHfVv88NrbNYcwwVQrvlkfMq8Jrn0YEf rahjCDLigXXbyaqxM57feJ9+y6jHpULeywomGv+QEzyALTdGKIaq7w1pwLdOHizi Lcxvr8FxmUxydrvFJSUDRa9ELigIsLmgPB3l1UiUmd3AQ38ymJw= =tRpr -----END PGP SIGNATURE-----=

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1152",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.10.4"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.3.1"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.3.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.3.1"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.5"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.0.5 \u672a\u6e80 (macos mojave)"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.0.5 \u672a\u6e80 (macos high sierra)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.17 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (apple tv hd)"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (apple tv 4k)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.10.4 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.0.5 \u672a\u6e80 (macos catalina)"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 10.9.2 \u672a\u6e80 (windows 10 \u4ee5\u964d)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3825"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-3825"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple,Przemys\u0142aw Sporysz of Euvic",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-3825",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002304",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-181950",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002304",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-3825",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-002304",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1410",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-181950",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-181950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple tvOS is a smart TV operating system. The product supports storage of music, photos, App and contacts, etc. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based iCloud versions prior to 10.9.2 and 7.17; Windows-based iTunes versions prior to 12.10.4; Apple tvOS versions prior to 13.3.1; Safari versions prior to 13.0.5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2\n\niCloud for Windows 10.9.2 is now available and addresses the\nfollowing:\n\nImageIO\nAvailable for: Windows 10 and later via the Microsoft Store\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3826: Samuel Gro\u00df of Google Project Zero\n\nlibxml2\nAvailable for: Windows 10 and later via the Microsoft Store\nImpact: Processing maliciously crafted XML may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2020-3846: Ranier Vilela\n\nWebKit\nAvailable for: Windows 10 and later via the Microsoft Store\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-3825: Przemys\u0142aw Sporysz of Euvic\nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\nWebKit\nAvailable for: Windows 10 and later via the Microsoft Store\nImpact: A malicious website may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\nmemory handling. \nCVE-2020-3865: Ryan Pickren (ryanpickren.com)\n\nInstallation note:\n\niCloud for Windows 10.9.2 may be obtained from:\nhttps://support.apple.com/HT204283\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4x9jMACgkQBz4uGe3y\n0M1Apw/+PrQvBheHkxIo2XjPOyTxO+M8mlaU+6gY7Ue14zivPO20JqRLb34FyNfh\niE+RSJ3NB/0cdZIUH1xcrKzK+tmVFVETJaBmLmoTHBy3946DQtUvditLfTHYnYzC\npeJbdG4UyevVwf/AoED5iI89lf/ADOWm9Xu0LVtvDKyTAFewQp9oOlG731twL9iI\n6ojuzYokYzJSWcDlLMTFB4sDpZsNEz2Crf+WZ44r5bHKcSTi7HzS+OPueQ6dSdqi\nY9ioDv/SB0dnLJZE2wq6eaFL2t7eXelYUSL7SekXI4aYQkhaOQFabutFuYNoOX4e\n+ctnbSdVT5WjG7tyg9L7bl4m1q8GgH43OLBmA1Z/gps004PHMQ87cRRjvGGKIQOf\nYMI0VBqFc6cAnDYh4Oun31gbg9Y1llYYwTQex7gjx9U+v3FKOaxWxQg8N9y4d2+v\nqsStr7HKVKcRE/LyEx4fA44VoKNHyHZ4LtQSeX998MTapyH5XbbHEWr/K4TcJ8ij\n6Zv/GkUKeINDJbRFhiMJtGThTw5dba5sfHfVv88NrbNYcwwVQrvlkfMq8Jrn0YEf\nrahjCDLigXXbyaqxM57feJ9+y6jHpULeywomGv+QEzyALTdGKIaq7w1pwLdOHizi\nLcxvr8FxmUxydrvFJSUDRa9ELigIsLmgPB3l1UiUmd3AQ38ymJw=\n=tRpr\n-----END PGP SIGNATURE-----=\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-3825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-181950"
      },
      {
        "db": "PACKETSTORM",
        "id": "156153"
      },
      {
        "db": "PACKETSTORM",
        "id": "156152"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-3825",
        "trust": 2.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156153",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95678717",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0346",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "156152",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-181950",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-181950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "db": "PACKETSTORM",
        "id": "156153"
      },
      {
        "db": "PACKETSTORM",
        "id": "156152"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ]
  },
  "id": "VAR-202002-1152",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-181950"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:57:13.458000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT210923",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210923"
      },
      {
        "title": "HT210947",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210947"
      },
      {
        "title": "HT210948",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210948"
      },
      {
        "title": "HT210918",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210918"
      },
      {
        "title": "HT210920",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210920"
      },
      {
        "title": "HT210922",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210922"
      },
      {
        "title": "HT210947",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210947"
      },
      {
        "title": "HT210948",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210948"
      },
      {
        "title": "HT210918",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210918"
      },
      {
        "title": "HT210920",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210920"
      },
      {
        "title": "HT210922",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210922"
      },
      {
        "title": "HT210923",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210923"
      },
      {
        "title": "Multiple Apple product WebKit Fix for component buffer error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110870"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-181950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3825"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210947"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210948"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3825"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3825"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95678717/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht210795"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht210794"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210947"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156153/apple-security-advisory-2020-1-29-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0346/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3826"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3865"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3867"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3868"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3862"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3846"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-181950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "db": "PACKETSTORM",
        "id": "156153"
      },
      {
        "db": "PACKETSTORM",
        "id": "156152"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-181950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "db": "PACKETSTORM",
        "id": "156153"
      },
      {
        "db": "PACKETSTORM",
        "id": "156152"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-181950"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "date": "2020-01-30T14:46:35",
        "db": "PACKETSTORM",
        "id": "156153"
      },
      {
        "date": "2020-01-30T14:46:23",
        "db": "PACKETSTORM",
        "id": "156152"
      },
      {
        "date": "2020-02-27T21:15:15.850000",
        "db": "NVD",
        "id": "CVE-2020-3825"
      },
      {
        "date": "2020-01-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-181950"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2020-3825"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product Corruption Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002304"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1410"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.