var-202006-1832
Vulnerability from variot

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-11


                                       https://security.gentoo.org/

Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: July 26, 2020 Bugs: #732104 ID: 202007-11


Synopsis

Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-libs/webkit-gtk < 2.28.3 >= 2.28.3

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All WebKitGTK+ users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.28.3"

References

[ 1 ] CVE-2020-13753 https://nvd.nist.gov/vuln/detail/CVE-2020-13753 [ 2 ] CVE-2020-9802 https://nvd.nist.gov/vuln/detail/CVE-2020-9802 [ 3 ] CVE-2020-9803 https://nvd.nist.gov/vuln/detail/CVE-2020-9803 [ 4 ] CVE-2020-9805 https://nvd.nist.gov/vuln/detail/CVE-2020-9805 [ 5 ] CVE-2020-9806 https://nvd.nist.gov/vuln/detail/CVE-2020-9806 [ 6 ] CVE-2020-9807 https://nvd.nist.gov/vuln/detail/CVE-2020-9807 [ 7 ] CVE-2020-9843 https://nvd.nist.gov/vuln/detail/CVE-2020-9843 [ 8 ] CVE-2020-9850 https://nvd.nist.gov/vuln/detail/CVE-2020-9850

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202007-11

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. Summary:

An update is now available for RHEL-8-CNV-2.6. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from oc explain 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to kubevirt.io~v1~VirtualMachineInstance on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.7.0 extras and security update Advisory ID: RHSA-2020:5635-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5635 Issue date: 2021-02-24 CVE Names: CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-8492 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14040 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15999 CVE-2020-24659 CVE-2020-24750 CVE-2020-25211 CVE-2020-25658 CVE-2021-3121 ==================================================================== 1. Summary:

Red Hat OpenShift Container Platform release 4.7.0 is now available with updates to packages and images that fix several bugs and add enhancements.

This release also includes a security update for Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

  • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHEA-2020:5633

All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

  1. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state

  1. References:

https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5

iOS 13.5 and iPadOS 13.5 address the following:

Accounts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt

AirDrop Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9826: Dor Hadad of Palo Alto Networks

AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de)

Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An issue existed with the use of a PRNG with low entropy. CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab

Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab

CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com

FaceTime Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. CVE-2020-9835: Olivier Levesque (@olilevesque)

File System Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to modify the file system Description: A logic issue was addressed with improved restrictions. CVE-2020-9820: Thijs Alkemade of Computest

FontParser Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

IPSec Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9837: Thijs Alkemade of Computest

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9797: an anonymous researcher

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9811: Tielei Wang of Pangu Lab CVE-2020-9812: Derrek (@derrekr6)

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin)

Mail Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted mail message may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-9819: ZecOps.com

Mail Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9818: ZecOps.com

Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Users removed from an iMessage conversation may still be able to alter state Description: This issue was addressed with improved checks. CVE-2020-9823: Suryansh Mansharamani, student of Community Middle School, Plainsboro, New Jersey

Notifications Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen Description: An authorization issue was addressed with improved state management. CVE-2020-9848: Nima

Python Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793

Sandbox Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to bypass Privacy preferences Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)

SQLite Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794

System Preferences Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

USB Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A USB device may be able to cause a denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9792: Andy Davis of NCC Group

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2020-9805: an anonymous researcher

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue was addressed with improved restrictions. CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A logic issue was addressed with improved restrictions. CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9806: Wen Xu of SSLab at Georgia Tech CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

WebRTC Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An access issue was addressed with improved memory management. CVE-2019-20503: Natalie Silvanovich of Google Project Zero

Wi-Fi Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A double free issue was addressed with improved memory management. CVE-2020-9844: Ian Beer of Google Project Zero

zsh Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman

Additional recognition

Bluetooth We would like to acknowledge Maximilian von Tschitschnitz of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.

CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.

Device Analytics We would like to acknowledge Mohamed Ghannam (@_simo36) for their assistance.

ImageIO We would like to acknowledge Lei Sun for their assistance.

IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance.

Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Safari We would like to acknowledge Jeffball of GRIMM and Luke Walker of Manchester Metropolitan University for their assistance.

WebKit We would like to acknowledge Aidan Dunlap of UT Austin for their assistance.

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be "iOS 13.5 and iPadOS 13.5". -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64

iQIcBAEDCAAGBQJezV7MAAoJEAc+Lhnt8tDNdWwP/2NnLRWvziY/ilvylDEczut+ xbSNg719ckFBtvkuXirQdsjfTmW3M/RJXUtjOmRDDEQB0IfmIRkrL49moDLeY0rB tjrsoVQESwYwbnb0xNzC3Oqr0tP3hitxFUpkKd7L0opo5vWhshBwqzWEtLTPxI1X T81DCpYiKDMB57bXgRV26QIFgQpHGXV/bMDCksVc12phempeEldP7t4dueDZy526 kWinK9jlwzViWwSmm5VK0t9IbemAZ56Ca829ZmrkT7XfLRyxw0rb+2f9VcQz/kNe RziJ3RwF2WZTe7yJpz6LV5h3RMo+MoHdVbPCYmcYNPiaHGTMl1POZXkjDHBHCSBY etboXOyZNOsnTMIVNwwXK/aGsKBz6kkfbWODS2omtz5oZjzGdZJLC/nFZC2GG13E Pnb0E5ULmA95poi07gWTy31APilQXfAzGJEOebsvH5s2EZ9HcANqrwtonfHSjeOU ZFH8xfnCTgO37ZgevrjdreD8SYRJR3QfEEf/DDNx2xXgr4wzydgvdyNCI1QpEz5s PS3JQECoBM9SsgXv02mCkNlK1crEqoxYURjcN3UIPGx8GVxtyiWJoEByxAgTtqv8 RPSqKGvPrznR1SxVNrXB2o08X3LUqK0LREABpuD/wbp8Qj8ma2fo3hLpvdoc9+De fSLSaEAmjBkF5c4r1O3P =zOSS -----END PGP SIGNATURE-----

.

Installation note:

Safari 13.1.1 may be obtained from the Mac App Store.

CVE-2020-13753

Milan Crha discovered that an attacker may be able to execute
commands outside the bubblewrap sandbox.

For the stable distribution (buster), these problems have been fixed in version 2.28.3-2~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8PaKUACgkQEMKTtsN8 Tjaf3hAAjZCKrikC4P1I/xiuL6kRepTjURi3zeZl3YywPCFLi/irWXX+5U+ejZoM kek3wtdJc1thN8w9BbXhOVyLferb/xfnt5jUVtZ6JBNDKKWGXoTY0Qfdu2lH0vw5 IV1lf5bvOdawrw/tVS9Uy3dTN1kXEBZ3q3XCpRXrBWEkrXtWG/yznGy0duebnI5h PM7D6R4PIKiCB3HBe9rszCIQrYcGQ/U3x8a/FPnPUO2TCRfVZG918M9yO1fN1v2R +08h0DcOU8ggIJQwJA9hm/V3mJWpTayHh/ouTI8PrIcwG0T2/qbtUm/9cj0wvmXW Id+RgXtQAyKeXQoXD5oP9jzVDgmm7rn03Rn2FX5hzAdTJAqdvT/Mr4IDNcOgdS8O wXmGprdRvMzx0gXO5YpeTuhjQiCZS1fB9ByIOMq/7lIjpiBctrhTZQvlSMMyauIQ P7tTTT8zCZo0DIQc/c2KyCXlD9/ORZm801U5wpXwPXT9Zq8wRAp5PodK/4plOzKc JyJiPI6BR41+31C438nl3wifO/wLh8+6nHAb2rkRQSe6Tu9SKyqOmYT9Ev6JZi/1 R8NMBFSmTYM/XUv5ECsTeL3uLvDnCpKAR0EnWz5z1Cqy2AYzEthEf+1dwXAooYvO 2johOWMaUrSWJMsYdZjTFEahaCSO5oPTDlbZCB2yIgpc6P70irU= =L5lA -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1832",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.2.5"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.10.7"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.5"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.5"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.1.1"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.4.5"
      },
      {
        "model": "icloud",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.19"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.1.1 \u672a\u6e80 (macos catalina)"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4.5 \u672a\u6e80 (apple tv 4k)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.1.1 \u672a\u6e80 (macos mojave)"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.10.7 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.1.1 \u672a\u6e80 (macos high sierra)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2.5 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d)"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.19 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 11.2 \u672a\u6e80 (windows 10 \u4ee5\u964d)"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4.5 \u672a\u6e80 (apple tv hd)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.19",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-9803",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006258",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-187928",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-9803",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006258",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-9803",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006258",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-1254",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-187928",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-9803",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187928"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202007-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: WebKitGTK+: Multiple vulnerabilities\n     Date: July 26, 2020\n     Bugs: #732104\n       ID: 202007-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-libs/webkit-gtk          \u003c 2.28.3                  \u003e= 2.28.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebKitGTK+ users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.28.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-13753\n      https://nvd.nist.gov/vuln/detail/CVE-2020-13753\n[ 2 ] CVE-2020-9802\n      https://nvd.nist.gov/vuln/detail/CVE-2020-9802\n[ 3 ] CVE-2020-9803\n      https://nvd.nist.gov/vuln/detail/CVE-2020-9803\n[ 4 ] CVE-2020-9805\n      https://nvd.nist.gov/vuln/detail/CVE-2020-9805\n[ 5 ] CVE-2020-9806\n      https://nvd.nist.gov/vuln/detail/CVE-2020-9806\n[ 6 ] CVE-2020-9807\n      https://nvd.nist.gov/vuln/detail/CVE-2020-9807\n[ 7 ] CVE-2020-9843\n      https://nvd.nist.gov/vuln/detail/CVE-2020-9843\n[ 8 ] CVE-2020-9850\n      https://nvd.nist.gov/vuln/detail/CVE-2020-9850\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202007-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. Summary:\n\nAn update is now available for RHEL-8-CNV-2.6. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions  in cabundle of mutatingwebhookconfiguration\n1848956 - KMP  requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2  common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged  SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent  expose link-local ipv6 address  for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. \n1891285 - Common templates and kubevirt-config cm - update machine-type\n1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error\n1892227 - [SSP] cluster scoped resources are not being reconciled\n1893278 - openshift-virtualization-os-images namespace not seen by user\n1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza\n1894428 - Message for VMI not migratable is not clear enough\n1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium\n1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import\n1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1898072 - Add Fedora33 to Fedora common templates\n1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail\n1899558 - CNV 2.6 - nmstate fails to set state\n1901480 - VM disk io can\u0027t worked if namespace have label kubemacpool\n1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1903014 - hco-webhook pod in CreateContainerError\n1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode\n1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT \"default\"\n1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers\n1907151 - kubevirt version is not reported correctly via virtctl\n1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6\n1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused \"Internal error occurred\" for creating datavolume\n1907988 - VM loses dynamic IP address of its default interface after migration\n1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity\n1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import  to Ceph RBD/BLOCK fails on \"qemu-img: /data/disk.img\" error\n1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO\n1911118 - Windows VMI LiveMigration / shutdown fails on \u0027XML error: non unique alias detected: ua-\u0027)\n1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface\n1911662 - el6 guests don\u0027t work properly if virtio bus is specified on various devices\n1912908 - Allow using \"scsi\" bus for disks in template validation\n1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails\n1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user\n1913717 - Users should have read permitions for golden images data volumes\n1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes\n1914177 - CNV does not preallocate blank file data volumes\n1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes\n1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer\n1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block\n1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored\n1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration\n1920576 - HCO can report ready=true when it failed to create a CR for a component operator\n1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool\n1927373 - NoExecute taint violates pdb; VMIs are not live migrated\n1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4-\u003eCNV-2.6.0 upgrade\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.0 extras and security update\nAdvisory ID:       RHSA-2020:5635-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:5635\nIssue date:        2021-02-24\nCVE Names:         CVE-2018-20843 CVE-2019-3884 CVE-2019-5018\n                   CVE-2019-8625 CVE-2019-8710 CVE-2019-8720\n                   CVE-2019-8743 CVE-2019-8764 CVE-2019-8766\n                   CVE-2019-8769 CVE-2019-8771 CVE-2019-8782\n                   CVE-2019-8783 CVE-2019-8808 CVE-2019-8811\n                   CVE-2019-8812 CVE-2019-8813 CVE-2019-8814\n                   CVE-2019-8815 CVE-2019-8816 CVE-2019-8819\n                   CVE-2019-8820 CVE-2019-8823 CVE-2019-8835\n                   CVE-2019-8844 CVE-2019-8846 CVE-2019-13050\n                   CVE-2019-13225 CVE-2019-13627 CVE-2019-14889\n                   CVE-2019-15165 CVE-2019-15903 CVE-2019-16168\n                   CVE-2019-16935 CVE-2019-17450 CVE-2019-17546\n                   CVE-2019-19221 CVE-2019-19906 CVE-2019-19956\n                   CVE-2019-20218 CVE-2019-20387 CVE-2019-20388\n                   CVE-2019-20454 CVE-2019-20807 CVE-2019-20907\n                   CVE-2019-20916 CVE-2020-1730 CVE-2020-1751\n                   CVE-2020-1752 CVE-2020-1971 CVE-2020-3862\n                   CVE-2020-3864 CVE-2020-3865 CVE-2020-3867\n                   CVE-2020-3868 CVE-2020-3885 CVE-2020-3894\n                   CVE-2020-3895 CVE-2020-3897 CVE-2020-3898\n                   CVE-2020-3899 CVE-2020-3900 CVE-2020-3901\n                   CVE-2020-3902 CVE-2020-6405 CVE-2020-7595\n                   CVE-2020-8492 CVE-2020-8566 CVE-2020-8619\n                   CVE-2020-8622 CVE-2020-8623 CVE-2020-8624\n                   CVE-2020-9327 CVE-2020-9802 CVE-2020-9803\n                   CVE-2020-9805 CVE-2020-9806 CVE-2020-9807\n                   CVE-2020-9843 CVE-2020-9850 CVE-2020-9862\n                   CVE-2020-9893 CVE-2020-9894 CVE-2020-9895\n                   CVE-2020-9915 CVE-2020-9925 CVE-2020-10018\n                   CVE-2020-10029 CVE-2020-11793 CVE-2020-13630\n                   CVE-2020-13631 CVE-2020-13632 CVE-2020-14040\n                   CVE-2020-14382 CVE-2020-14391 CVE-2020-14422\n                   CVE-2020-15157 CVE-2020-15503 CVE-2020-15999\n                   CVE-2020-24659 CVE-2020-24750 CVE-2020-25211\n                   CVE-2020-25658 CVE-2021-3121\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release also includes a security update for Red Hat OpenShift\nContainer Platform 4.7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823765 - nfd-workers crash under an ipv6 environment\n1838802 - mysql8 connector from operatorhub does not work with metering operator\n1838845 - Metering operator can\u0027t connect to postgres DB from Operator Hub\n1841883 - namespace-persistentvolumeclaim-usage  query returns unexpected values\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1868294 - NFD operator does not allow customisation of nfd-worker.conf\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1890672 - NFD is missing a build flag to build correctly\n1890741 - path to the CA trust bundle ConfigMap is broken in report operator\n1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster\n1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel\n1900125 - FIPS error while generating RSA private key for CA\n1906129 - OCP 4.7:  Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub\n1908492 - OCP 4.7:  Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub\n1913837 - The CI and ART 4.7 metering images are not mirrored\n1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le\n1916010 - olm skip range is set to the wrong range\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923998 - NFD Operator is failing to update and remains in Replacing state\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5\n\niOS 13.5 and iPadOS 13.5 address the following:\n\nAccounts\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\nAirDrop\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-9842: Linus Henze (pinauten.de)\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An issue existed with the use of a PRNG with low\nentropy. \nCVE-2020-6616: J\u00f6rn Tillmanns (@matedealer) and Jiska Classen\n(@naehrdine) of Secure Mobile Networking Lab\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure\nMobile Networking Lab\n\nCoreText\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted text message may lead to\napplication denial of service\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an\nanonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge,\nSufiyan Gouri of Lovely Professional University, India, Suleman Hasan\nRathor of Arabic-Classroom.com\n\nFaceTime\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A user\u2019s video may not be paused in a FaceTime call if they\nexit the FaceTime app while the call is ringing\nDescription: An issue existed in the pausing of FaceTime video. \nCVE-2020-9835: Olivier Levesque (@olilevesque)\n\nFile System\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to modify the file system\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9820: Thijs Alkemade of Computest\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9816:  Peter Nguyen Vu Hoang of STAR Labs working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9789: Wenchao Li of VARAS@IIE\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nIPSec\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9837: Thijs Alkemade of Computest\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to determine another\napplication\u0027s memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2020-9797: an anonymous researcher\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local user may be able to read kernel memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9811: Tielei Wang of Pangu Lab\nCVE-2020-9812: Derrek (@derrekr6)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue existed resulting in memory corruption. \nCVE-2020-9813: Xinru Chi of Pangu Lab\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\nMail\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted mail message may lead to\nheap corruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2020-9819: ZecOps.com\n\nMail\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted mail message may lead to\nunexpected memory modification or application termination\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9818: ZecOps.com\n\nMessages\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Users removed from an iMessage conversation may still be able\nto alter state\nDescription: This issue was addressed with improved checks. \nCVE-2020-9823: Suryansh Mansharamani, student of Community Middle\nSchool, Plainsboro, New\nJersey\n\nNotifications\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A person with physical access to an iOS device may be able to\nview notification contents from the lockscreen\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2020-9848: Nima\n\nPython\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-9793\n\nSandbox\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\nSQLite\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9794\n\nSystem Preferences\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nUSB Audio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A USB device may be able to cause a denial of service\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9792: Andy Davis of NCC Group\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9805: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro\nZero Day Initiative\n\nWebRTC\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-20503: Natalie Silvanovich of Google Project Zero\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2020-9844: Ian Beer of Google Project Zero\n\nzsh\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local attacker may be able to elevate their privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2019-20044: Sam Foxman\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Maximilian von Tschitschnitz of\nTechnical University Munich and Ludwig Peuckert of Technical\nUniversity Munich for their assistance. \n\nCoreText\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis\nHeinze (@ttdennis) of Secure Mobile Networking Lab for their\nassistance. \n\nDevice Analytics\nWe would like to acknowledge Mohamed Ghannam (@_simo36) for their\nassistance. \n\nImageIO\nWe would like to acknowledge Lei Sun for their assistance. \n\nIOHIDFamily\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nSafari\nWe would like to acknowledge Jeffball of GRIMM and Luke Walker of\nManchester Metropolitan University for their assistance. \n\nWebKit\nWe would like to acknowledge Aidan Dunlap of UT Austin for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.5 and iPadOS 13.5\". \n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7MAAoJEAc+Lhnt8tDNdWwP/2NnLRWvziY/ilvylDEczut+\nxbSNg719ckFBtvkuXirQdsjfTmW3M/RJXUtjOmRDDEQB0IfmIRkrL49moDLeY0rB\ntjrsoVQESwYwbnb0xNzC3Oqr0tP3hitxFUpkKd7L0opo5vWhshBwqzWEtLTPxI1X\nT81DCpYiKDMB57bXgRV26QIFgQpHGXV/bMDCksVc12phempeEldP7t4dueDZy526\nkWinK9jlwzViWwSmm5VK0t9IbemAZ56Ca829ZmrkT7XfLRyxw0rb+2f9VcQz/kNe\nRziJ3RwF2WZTe7yJpz6LV5h3RMo+MoHdVbPCYmcYNPiaHGTMl1POZXkjDHBHCSBY\netboXOyZNOsnTMIVNwwXK/aGsKBz6kkfbWODS2omtz5oZjzGdZJLC/nFZC2GG13E\nPnb0E5ULmA95poi07gWTy31APilQXfAzGJEOebsvH5s2EZ9HcANqrwtonfHSjeOU\nZFH8xfnCTgO37ZgevrjdreD8SYRJR3QfEEf/DDNx2xXgr4wzydgvdyNCI1QpEz5s\nPS3JQECoBM9SsgXv02mCkNlK1crEqoxYURjcN3UIPGx8GVxtyiWJoEByxAgTtqv8\nRPSqKGvPrznR1SxVNrXB2o08X3LUqK0LREABpuD/wbp8Qj8ma2fo3hLpvdoc9+De\nfSLSaEAmjBkF5c4r1O3P\n=zOSS\n-----END PGP SIGNATURE-----\n\n\n\n. \n\nInstallation note:\n\nSafari 13.1.1 may be obtained from the Mac App Store. \n\nCVE-2020-13753\n\n    Milan Crha discovered that an attacker may be able to execute\n    commands outside the bubblewrap sandbox. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.3-2~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages. \n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8PaKUACgkQEMKTtsN8\nTjaf3hAAjZCKrikC4P1I/xiuL6kRepTjURi3zeZl3YywPCFLi/irWXX+5U+ejZoM\nkek3wtdJc1thN8w9BbXhOVyLferb/xfnt5jUVtZ6JBNDKKWGXoTY0Qfdu2lH0vw5\nIV1lf5bvOdawrw/tVS9Uy3dTN1kXEBZ3q3XCpRXrBWEkrXtWG/yznGy0duebnI5h\nPM7D6R4PIKiCB3HBe9rszCIQrYcGQ/U3x8a/FPnPUO2TCRfVZG918M9yO1fN1v2R\n+08h0DcOU8ggIJQwJA9hm/V3mJWpTayHh/ouTI8PrIcwG0T2/qbtUm/9cj0wvmXW\nId+RgXtQAyKeXQoXD5oP9jzVDgmm7rn03Rn2FX5hzAdTJAqdvT/Mr4IDNcOgdS8O\nwXmGprdRvMzx0gXO5YpeTuhjQiCZS1fB9ByIOMq/7lIjpiBctrhTZQvlSMMyauIQ\nP7tTTT8zCZo0DIQc/c2KyCXlD9/ORZm801U5wpXwPXT9Zq8wRAp5PodK/4plOzKc\nJyJiPI6BR41+31C438nl3wifO/wLh8+6nHAb2rkRQSe6Tu9SKyqOmYT9Ev6JZi/1\nR8NMBFSmTYM/XUv5ECsTeL3uLvDnCpKAR0EnWz5z1Cqy2AYzEthEf+1dwXAooYvO\n2johOWMaUrSWJMsYdZjTFEahaCSO5oPTDlbZCB2yIgpc6P70irU=\n=L5lA\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187928"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9803"
      },
      {
        "db": "PACKETSTORM",
        "id": "158572"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "161536"
      },
      {
        "db": "PACKETSTORM",
        "id": "157879"
      },
      {
        "db": "PACKETSTORM",
        "id": "157874"
      },
      {
        "db": "PACKETSTORM",
        "id": "157878"
      },
      {
        "db": "PACKETSTORM",
        "id": "157876"
      },
      {
        "db": "PACKETSTORM",
        "id": "168878"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9803",
        "trust": 3.4
      },
      {
        "db": "PACKETSTORM",
        "id": "158572",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98042162",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157883",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2610",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2509",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1025",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3893",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0691",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2403",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0099",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4513",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2419",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0864",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0584",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0382",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1870",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0234",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "49284",
        "trust": 0.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2020/07/10/1",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-40612",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-187928",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161742",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161536",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157879",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157874",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157878",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157876",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168878",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187928"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "db": "PACKETSTORM",
        "id": "158572"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "161536"
      },
      {
        "db": "PACKETSTORM",
        "id": "157879"
      },
      {
        "db": "PACKETSTORM",
        "id": "157874"
      },
      {
        "db": "PACKETSTORM",
        "id": "157878"
      },
      {
        "db": "PACKETSTORM",
        "id": "157876"
      },
      {
        "db": "PACKETSTORM",
        "id": "168878"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "id": "VAR-202006-1832",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187928"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:03:26.090000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT211179",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211179"
      },
      {
        "title": "HT211181",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211181"
      },
      {
        "title": "HT211168",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211168"
      },
      {
        "title": "HT211171",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211171"
      },
      {
        "title": "HT211175",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211175"
      },
      {
        "title": "HT211177",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211177"
      },
      {
        "title": "HT211178",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211178"
      },
      {
        "title": "HT211181",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211181"
      },
      {
        "title": "HT211168",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211168"
      },
      {
        "title": "HT211171",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211171"
      },
      {
        "title": "HT211175",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211175"
      },
      {
        "title": "HT211177",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211177"
      },
      {
        "title": "HT211178",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211178"
      },
      {
        "title": "HT211179",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211179"
      },
      {
        "title": "Multiple Apple product WebKit Fix for component buffer error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121243"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2020/05/28/apple_may_updates/"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-9803 log"
      },
      {
        "title": "Debian Security Advisories: DSA-4724-1 webkit2gtk -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=dea2e0f2e732c4316e7997209f1f239a"
      },
      {
        "title": "Red Hat: Moderate: GNOME security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204451 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210050 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210436 - security advisory"
      },
      {
        "title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225924 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210190 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220056 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205605 - security advisory"
      },
      {
        "title": "freedom",
        "trust": 0.1,
        "url": "https://github.com/sslab-gatech/freedom "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-9803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9803"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211168"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211171"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211175"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211177"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211178"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211179"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211181"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9803"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98042162/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.debian.org/security/2020/dsa-4724"
      },
      {
        "trust": 0.7,
        "url": "https://security.gentoo.org/glsa/202007-11"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9807"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9806"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9805"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9802"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ger2atkzxdhm7ffyjh67zpnzzx5vouvm/"
      },
      {
        "trust": 0.6,
        "url": "https://usn.ubuntu.com/4422-1/"
      },
      {
        "trust": 0.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jdbxq2xa6x4dp4ytpxbomkslwued2kar/"
      },
      {
        "trust": 0.6,
        "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1025"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1870/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211179"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211178"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-32802"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2403/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2610/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht211178"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht211177"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2419/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4513/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0099/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0234/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0584"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158572/gentoo-linux-security-advisory-202007-11.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157883/apple-security-advisory-2020-05-26-4.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/49284"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2509/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3893/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9843"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9850"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9800"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20503"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9790"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9789"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3878"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9794"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13753"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8624"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9925"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9802"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20218"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9895"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8625"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-15165"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14382"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8812"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3899"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8819"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3867"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1971"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8720"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9893"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19221"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8808"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3902"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8623"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1751"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3900"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9805"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8820"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9807"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8769"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8710"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8813"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9850"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8811"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-16168"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9803"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9862"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24659"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9327"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3885"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17450"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15503"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20916"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5018"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10018"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14422"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8835"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8764"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8844"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3865"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3864"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20387"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14391"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15999"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3862"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3901"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8823"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1752"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8622"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3895"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8492"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-11793"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9894"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8816"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9843"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-6405"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8771"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3897"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9806"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8814"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8743"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9915"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8815"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13632"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10029"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20807"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13630"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8619"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13631"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8766"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8846"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3868"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-3894"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8782"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9809"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9819"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9813"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9795"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9814"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9811"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9818"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9797"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9808"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9816"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20044"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9815"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9793"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9812"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2020-9803"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/sslab-gatech/freedom"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25684"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3156"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25683"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12321"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25682"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25685"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25686"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25687"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25681"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhea-2020:5633"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25211"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5635"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15157"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17546"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3898"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9827"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9821"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6616"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9792"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9801"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/webkit2gtk"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187928"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "db": "PACKETSTORM",
        "id": "158572"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "161536"
      },
      {
        "db": "PACKETSTORM",
        "id": "157879"
      },
      {
        "db": "PACKETSTORM",
        "id": "157874"
      },
      {
        "db": "PACKETSTORM",
        "id": "157878"
      },
      {
        "db": "PACKETSTORM",
        "id": "157876"
      },
      {
        "db": "PACKETSTORM",
        "id": "168878"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-187928"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "db": "PACKETSTORM",
        "id": "158572"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "161536"
      },
      {
        "db": "PACKETSTORM",
        "id": "157879"
      },
      {
        "db": "PACKETSTORM",
        "id": "157874"
      },
      {
        "db": "PACKETSTORM",
        "id": "157878"
      },
      {
        "db": "PACKETSTORM",
        "id": "157876"
      },
      {
        "db": "PACKETSTORM",
        "id": "168878"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187928"
      },
      {
        "date": "2020-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9803"
      },
      {
        "date": "2020-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "date": "2020-07-27T18:15:45",
        "db": "PACKETSTORM",
        "id": "158572"
      },
      {
        "date": "2021-03-10T16:02:43",
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "date": "2021-02-25T15:26:54",
        "db": "PACKETSTORM",
        "id": "161536"
      },
      {
        "date": "2020-05-29T19:05:25",
        "db": "PACKETSTORM",
        "id": "157879"
      },
      {
        "date": "2020-05-29T19:02:19",
        "db": "PACKETSTORM",
        "id": "157874"
      },
      {
        "date": "2020-05-29T19:04:53",
        "db": "PACKETSTORM",
        "id": "157878"
      },
      {
        "date": "2020-05-29T19:03:50",
        "db": "PACKETSTORM",
        "id": "157876"
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168878"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      },
      {
        "date": "2020-06-09T17:15:12.237000",
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187928"
      },
      {
        "date": "2021-12-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9803"
      },
      {
        "date": "2020-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      },
      {
        "date": "2022-03-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      },
      {
        "date": "2021-12-01T02:37:50.810000",
        "db": "NVD",
        "id": "CVE-2020-9803"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product Corruption Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006258"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1254"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.