# About the security content of iOS 13.6 and iPadOS 13.6
This document describes the security content of iOS 13.6 and iPadOS 13.6.
## About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.
Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.
For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.
## iOS 13.6 and iPadOS 13.6
Released July 15, 2020
**Audio**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9888: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9890: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9891: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry updated August 5, 2020
**Audio**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9884: Yu Zhou (@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative
CVE-2020-9889: Anonymous working with Trend Micro’s Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry updated August 5, 2020
**AVEVideoEncoder**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9907: 08Tc3wBB working with ZecOps
Entry added July 24, 2020, updated August 31, 2020
**Bluetooth**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may cause an unexpected application termination
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab
**CoreFoundation**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)
Entry updated August 5, 2020
**CoreGraphics**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Entry added July 24, 2020, updated December 15, 2020
**Crash Reporter**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud
**Crash Reporter**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.
CVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group
Entry added August 5, 2020, updated December 17, 2021
**FontParser**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 21, 2020, updated October 19, 2020
**GeoServices**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to read sensitive location information
Description: An authorization issue was addressed with improved state management.
CVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.
**iAP**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to perform a denial of service attack using malformed Bluetooth packets
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2020-9914: Andy Davis of NCC Group
Entry updated July 24, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry added March 16, 2021
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Multiple buffer overflow issues existed in openEXR
Description: Multiple issues in openEXR were addressed with improved checks.
CVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry added September 8, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9936: Mickey Jin of Trend Micro
CVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry updated August 5, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9919: Mickey Jin of Trend Micro
Entry added July 24, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added July 24, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9984: an anonymous researcher
Entry added July 24, 2020, updated September 21, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry added August 5, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2020-9875: Mickey Jin of Trend Micro
Entry added August 5, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-9923: Proteas
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9909: Brandon Azad of Google Project Zero
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9904: Tielei Wang of Pangu Lab
Entry added July 24, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-9863: Xinru Chi of Pangu Lab
Entry updated August 5, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues were addressed with improved state management.
CVE-2020-9892: Andy Nguyen of Google
Entry added July 24, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab
Entry added August 5, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps
Entry added August 5, 2020
**libxml2**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9926: Found by OSS-Fuzz
Entry added March 16, 2021
**Mail**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2019-19906
Entry added July 24, 2020, updated September 8, 2020
**Mail**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious mail server may overwrite arbitrary mail files
Description: A path handling issue was addressed with improved validation.
CVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team
Entry added July 24, 2020
**Messages**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user that is removed from an iMessage group could rejoin the group
Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani of WWP High School North (medium.com/@suryanshmansha)
**Model I/O**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security
CVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security
CVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security
CVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security
CVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security
Entry updated September 21, 2020
**Model I/O**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security
Entry added September 21, 2020
**Safari Login AutoFill**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker may cause Safari to suggest a password for the wrong domain
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
**Safari Reader**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
**Security**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate
Description: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.
CVE-2020-9868: Brian Wolff of Asana
Entry added July 24, 2020
**sysdiagnose**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.
CVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group
Entry added August 5, 2020, updated August 31, 2020
**WebDAV**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: This issue was addressed with improved entitlements.
CVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)
Entry added September 8, 2020
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.
CVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon
Entry updated July 24, 2020
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative
CVE-2020-9895: Wen Xu of SSLab, Georgia Tech
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2020-9925: an anonymous researcher
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: Multiple issues were addressed with improved logic.
CVE-2020-9910: Samuel Groß of Google Project Zero
**WebKit Page Loading**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker may be able to conceal the destination of a URL
Description: A URL Unicode encoding issue was addressed with improved state management.
CVE-2020-9916: Rakesh Mane (@RakeshMane10)
**WebKit Web Inspector**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
CVE-2020-9862: Ophir Lojkine (@lovasoa)
**WebRTC**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-6514: natashenka of Google Project Zero
Entry added September 21, 2020
**Wi-Fi**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)
**Wi-Fi**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-9906: Ian Beer of Google Project Zero
Entry added July 24, 2020
**Wi-Fi**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9917: Pradeep Deokate of Harman, Stefan Böhrer at Daimler AG, proofnet.de
Entry updated July 24, 2020
## Additional recognition
**Bluetooth**
We would like to acknowledge Andy Davis of NCC Group for their assistance.
**CoreFoundation**
We would like to acknowledge Bobby Pelletier for their assistance.
Entry added September 8, 2020
**ImageIO**
We would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.
Entry added September 21, 2020
**Kernel**
We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
**USB Audio**
We would like to acknowledge Andy Davis of NCC Group for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.
Published Date: November 03, 2023
{"id": "APPLE:76759F30E38205B816379E57C5E5C4C3", "vendorId": null, "type": "apple", "bulletinFamily": "software", "title": "About the security content of iOS 13.6 and iPadOS 13.6", "description": "# About the security content of iOS 13.6 and iPadOS 13.6\n\nThis document describes the security content of iOS 13.6 and iPadOS 13.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 13.6 and iPadOS 13.6\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend 
Micro\u2019s Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9907: 08Tc3wBB working with ZecOps\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab\n\n**CoreFoundation**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. 
This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. 
This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated December 17, 2021 \n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**iAP**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets\n\nDescription: An input validation issue existed in Bluetooth. 
This issue was addressed with improved input validation.
CVE-2020-9914: Andy Davis of NCC Group
Entry updated July 24, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry added March 16, 2021
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Multiple buffer overflow issues existed in openEXR
Description: Multiple issues in openEXR were addressed with improved checks.
CVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry added September 8, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9936: Mickey Jin of Trend Micro
CVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry updated August 5, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9919: Mickey Jin of Trend Micro
Entry added July 24, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added July 24, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab
CVE-2020-9984: an anonymous researcher
Entry added July 24, 2020, updated September 21, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry added August 5, 2020
**ImageIO**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2020-9875: Mickey Jin of Trend Micro
Entry added August 5, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-9923: Proteas
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9909: Brandon Azad of Google Project Zero
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9904: Tielei Wang of Pangu Lab
Entry added July 24, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-9863: Xinru Chi of Pangu Lab
Entry updated August 5, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues were addressed with improved state management.
CVE-2020-9892: Andy Nguyen of Google
Entry added July 24, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab
Entry added August 5, 2020
**Kernel**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps
Entry added August 5, 2020
**libxml2**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9926: Found by OSS-Fuzz
Entry added March 16, 2021
**Mail**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2019-19906
Entry added July 24, 2020, updated September 8, 2020
**Mail**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious mail server may overwrite arbitrary mail files
Description: A path handling issue was addressed with improved validation.
CVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team
Entry added July 24, 2020
**Messages**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user that is removed from an iMessage group could rejoin the group
Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani of WWP High School North (medium.com/@suryanshmansha)
**Model I/O**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security
CVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security
CVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security
CVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security
CVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security
Entry updated September 21, 2020
**Model I/O**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security
Entry added September 21, 2020
**Safari Login AutoFill**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker may cause Safari to suggest a password for the wrong domain
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
**Safari Reader**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
**Security**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate
Description: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.
CVE-2020-9868: Brian Wolff of Asana
Entry added July 24, 2020
**sysdiagnose**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.
CVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group
Entry added August 5, 2020, updated August 31, 2020
**WebDAV**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: This issue was addressed with improved entitlements.
CVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)
Entry added September 8, 2020
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.
CVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon
Entry updated July 24, 2020
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative
CVE-2020-9895: Wen Xu of SSLab, Georgia Tech
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2020-9925: an anonymous researcher
**WebKit**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: Multiple issues were addressed with improved logic.
CVE-2020-9910: Samuel Groß of Google Project Zero
**WebKit Page Loading**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker may be able to conceal the destination of a URL
Description: A URL Unicode encoding issue was addressed with improved state management.
CVE-2020-9916: Rakesh Mane (@RakeshMane10)
**WebKit Web Inspector**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
CVE-2020-9862: Ophir Lojkine (@lovasoa)
**WebRTC**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-6514: natashenka of Google Project Zero
Entry added September 21, 2020
**Wi-Fi**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)
**Wi-Fi**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-9906: Ian Beer of Google Project Zero
Entry added July 24, 2020
**Wi-Fi**
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9917: Pradeep Deokate of Harman, Stefan Böhrer at Daimler AG, proofnet.de
Entry updated July 24, 2020
## Additional recognition
**Bluetooth**
We would like to acknowledge Andy Davis of NCC Group for their assistance.
**CoreFoundation**
We would like to acknowledge Bobby Pelletier for their assistance.
Entry added September 8, 2020
**ImageIO**
We would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.
Entry added September 21, 2020
**Kernel**
We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
**USB Audio**
We would like to acknowledge Andy Davis of NCC Group for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.
Published Date: November 03, 2023
"PRION:CVE-2020-9980", "PRION:CVE-2020-9984", "PRION:CVE-2020-9985"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5586742AC0F1C66F56B3583482B0960A"]}, {"type": "redhat", "idList": ["RHSA-2020:3229", "RHSA-2020:3233", "RHSA-2020:3241", "RHSA-2020:3253", "RHSA-2020:3254", "RHSA-2020:3341", "RHSA-2020:3342", "RHSA-2020:3343", "RHSA-2020:3344", "RHSA-2020:3345", "RHSA-2020:3377", "RHSA-2020:4039", "RHSA-2020:4451", "RHSA-2020:4497", "RHSA-2020:5149", "RHSA-2020:5364", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0146", "RHSA-2021:0190", "RHSA-2021:0436", "RHSA-2021:0799", "RHSA-2021:2021", "RHSA-2021:3016", "RHSA-2022:0056", "RHSA-2022:5924"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-14899", "RH:CVE-2019-19906", "RH:CVE-2020-11758", "RH:CVE-2020-11759", "RH:CVE-2020-11760", "RH:CVE-2020-11761", "RH:CVE-2020-11762", "RH:CVE-2020-11763", "RH:CVE-2020-11764", "RH:CVE-2020-11765", "RH:CVE-2020-6514", "RH:CVE-2020-9862", "RH:CVE-2020-9893", "RH:CVE-2020-9894", "RH:CVE-2020-9895", "RH:CVE-2020-9915", "RH:CVE-2020-9925"]}, {"type": "rocky", "idList": ["RLSA-2020:4451", "RLSA-2020:4497"]}, {"type": "slackware", "idList": ["SSA-2020-213-01", "SSA-2022-055-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0682-1", "OPENSUSE-SU-2020:1020-1", "OPENSUSE-SU-2020:1021-1", "OPENSUSE-SU-2020:1048-1", "OPENSUSE-SU-2020:1061-1", "OPENSUSE-SU-2020:1147-1", "OPENSUSE-SU-2020:1148-1", "OPENSUSE-SU-2020:1155-1", "OPENSUSE-SU-2020:1172-1", "OPENSUSE-SU-2020:1179-1", "OPENSUSE-SU-2020:1189-1", "OPENSUSE-SU-2020:1205-1", "OPENSUSE-SU-2020:1256-1", "OPENSUSE-SU-2020:1275-1"]}, {"type": "symantec", "idList": ["SMNTC-111104"]}, {"type": "thn", "idList": ["THN:4376782A3F009FEED68FDD2022A11EF5", "THN:6C6DB9D0EB45968D3949F2CAE1BCFEFF", "THN:6D9C30F48BF06002190A9401A9E9AFC8", "THN:C19BDA30D2242223E7A434F1E4051E68", "THN:FD10C34E4C222666AC0DBB5533C900AF"]}, {"type": "threatpost", "idList": ["THREATPOST:2B3917ECB87C4A3C315132D8E32C1073", 
"THREATPOST:65CDAAFAA856DA03BD3115E8BC92F1A0", "THREATPOST:C90531BC1E0B38F400111112E4CBEF3A"]}, {"type": "ubuntu", "idList": ["USN-4256-1", "USN-4339-1", "USN-4443-1", "USN-4444-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-14899", "UB:CVE-2019-19906", "UB:CVE-2020-11758", "UB:CVE-2020-11759", "UB:CVE-2020-11760", "UB:CVE-2020-11761", "UB:CVE-2020-11762", "UB:CVE-2020-11763", "UB:CVE-2020-11764", "UB:CVE-2020-11765", "UB:CVE-2020-6514", "UB:CVE-2020-9862", "UB:CVE-2020-9893", "UB:CVE-2020-9894", "UB:CVE-2020-9895", "UB:CVE-2020-9915", "UB:CVE-2020-9925", "UB:CVE-2020-9926"]}, {"type": "veracode", "idList": ["VERACODE:26003", "VERACODE:26086", "VERACODE:26087", "VERACODE:26090", "VERACODE:26097", "VERACODE:26235", "VERACODE:26239", "VERACODE:27290", "VERACODE:27291", "VERACODE:27292", "VERACODE:27809", "VERACODE:28450", "VERACODE:28451", "VERACODE:28452", "VERACODE:28453", "VERACODE:28454"]}, {"type": "zdi", "idList": ["ZDI-20-1183", "ZDI-20-1185", "ZDI-20-1238", "ZDI-20-1389", "ZDI-20-1391", "ZDI-20-907", "ZDI-20-908", "ZDI-20-909", "ZDI-20-910", "ZDI-20-938"]}, {"type": "zdt", "idList": ["1337DAY-ID-34769", "1337DAY-ID-34832"]}]}, "score": {"value": 9.9, "uncertanity": 0.1, "vector": "NONE"}, "epss": [{"cve": "CVE-2019-14899", "epss": 0.00046, "percentile": 0.14044, "modified": "2023-05-02"}, {"cve": "CVE-2019-19906", "epss": 0.00196, "percentile": 0.55932, "modified": "2023-05-01"}, {"cve": "CVE-2020-11758", "epss": 0.00081, "percentile": 0.33121, "modified": "2023-05-01"}, {"cve": "CVE-2020-11759", "epss": 0.00086, "percentile": 0.3492, "modified": "2023-05-01"}, {"cve": "CVE-2020-11760", "epss": 0.00081, "percentile": 0.33121, "modified": "2023-05-01"}, {"cve": "CVE-2020-11761", "epss": 0.00081, "percentile": 0.33121, "modified": "2023-05-01"}, {"cve": "CVE-2020-11762", "epss": 0.00081, "percentile": 0.33121, "modified": "2023-05-01"}, {"cve": "CVE-2020-11763", "epss": 0.00081, "percentile": 0.33121, "modified": "2023-05-01"}, {"cve": "CVE-2020-11764", 
"epss": 0.00086, "percentile": 0.3492, "modified": "2023-05-01"}, {"cve": "CVE-2020-11765", "epss": 0.00081, "percentile": 0.33121, "modified": "2023-05-01"}, {"cve": "CVE-2020-27933", "epss": 0.00086, "percentile": 0.35035, "modified": "2023-05-01"}, {"cve": "CVE-2020-6514", "epss": 0.002, "percentile": 0.56332, "modified": "2023-05-01"}, {"cve": "CVE-2020-9862", "epss": 0.00116, "percentile": 0.44023, "modified": "2023-05-01"}, {"cve": "CVE-2020-9863", "epss": 0.00082, "percentile": 0.33663, "modified": "2023-05-01"}, {"cve": "CVE-2020-9865", "epss": 0.00079, "percentile": 0.32381, "modified": "2023-05-01"}, {"cve": "CVE-2020-9868", "epss": 0.00116, "percentile": 0.44087, "modified": "2023-05-01"}, {"cve": "CVE-2020-9871", "epss": 0.00105, "percentile": 0.41348, "modified": "2023-05-01"}, {"cve": "CVE-2020-9872", "epss": 0.00105, "percentile": 0.41348, "modified": "2023-05-01"}, {"cve": "CVE-2020-9873", "epss": 0.00082, "percentile": 0.3342, "modified": "2023-05-01"}, {"cve": "CVE-2020-9874", "epss": 0.00105, "percentile": 0.41348, "modified": "2023-05-01"}, {"cve": "CVE-2020-9875", "epss": 0.00113, "percentile": 0.43358, "modified": "2023-05-01"}, {"cve": "CVE-2020-9876", "epss": 0.00108, "percentile": 0.42303, "modified": "2023-05-01"}, {"cve": "CVE-2020-9877", "epss": 0.00082, "percentile": 0.3342, "modified": "2023-05-01"}, {"cve": "CVE-2020-9878", "epss": 0.00124, "percentile": 0.45403, "modified": "2023-05-01"}, {"cve": "CVE-2020-9879", "epss": 0.00105, "percentile": 0.41348, "modified": "2023-05-01"}, {"cve": "CVE-2020-9880", "epss": 0.001, "percentile": 0.40036, "modified": "2023-05-01"}, {"cve": "CVE-2020-9881", "epss": 0.00105, "percentile": 0.41372, "modified": "2023-05-01"}, {"cve": "CVE-2020-9882", "epss": 0.00105, "percentile": 0.41372, "modified": "2023-05-01"}, {"cve": "CVE-2020-9883", "epss": 0.00095, "percentile": 0.38765, "modified": "2023-05-01"}, {"cve": "CVE-2020-9884", "epss": 0.00065, "percentile": 0.26801, "modified": "2023-05-01"}, 
{"cve": "CVE-2020-9885", "epss": 0.00058, "percentile": 0.22566, "modified": "2023-05-01"}, {"cve": "CVE-2020-9888", "epss": 0.00098, "percentile": 0.39392, "modified": "2023-05-01"}, {"cve": "CVE-2020-9889", "epss": 0.0009, "percentile": 0.37183, "modified": "2023-05-01"}, {"cve": "CVE-2020-9890", "epss": 0.00098, "percentile": 0.39392, "modified": "2023-05-01"}, {"cve": "CVE-2020-9891", "epss": 0.00098, "percentile": 0.39392, "modified": "2023-05-01"}, {"cve": "CVE-2020-9892", "epss": 0.00082, "percentile": 0.33663, "modified": "2023-05-01"}, {"cve": "CVE-2020-9893", "epss": 0.00989, "percentile": 0.81301, "modified": "2023-05-01"}, {"cve": "CVE-2020-9894", "epss": 0.00351, "percentile": 0.67655, "modified": "2023-05-01"}, {"cve": "CVE-2020-9895", "epss": 0.01934, "percentile": 0.86898, "modified": "2023-05-01"}, {"cve": "CVE-2020-9898", "epss": 0.00221, "percentile": 0.58818, "modified": "2023-05-01"}, {"cve": "CVE-2020-9900", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2020-9901", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2020-9902", "epss": 0.00062, "percentile": 0.24348, "modified": "2023-05-01"}, {"cve": "CVE-2020-9903", "epss": 0.00071, "percentile": 0.2894, "modified": "2023-05-01"}, {"cve": "CVE-2020-9904", "epss": 0.00082, "percentile": 0.33663, "modified": "2023-05-01"}, {"cve": "CVE-2020-9905", "epss": 0.00378, "percentile": 0.68785, "modified": "2023-05-01"}, {"cve": "CVE-2020-9906", "epss": 0.00294, "percentile": 0.64581, "modified": "2023-05-01"}, {"cve": "CVE-2020-9907", "epss": 0.0016, "percentile": 0.51131, "modified": "2023-05-01"}, {"cve": "CVE-2020-9909", "epss": 0.00167, "percentile": 0.51915, "modified": "2023-05-01"}, {"cve": "CVE-2020-9910", "epss": 0.00356, "percentile": 0.67843, "modified": "2023-05-01"}, {"cve": "CVE-2020-9911", "epss": 0.00159, "percentile": 0.50972, "modified": "2023-05-01"}, {"cve": "CVE-2020-9914", "epss": 0.00101, "percentile": 0.40088, 
"modified": "2023-05-01"}, {"cve": "CVE-2020-9915", "epss": 0.00196, "percentile": 0.56006, "modified": "2023-05-01"}, {"cve": "CVE-2020-9916", "epss": 0.00164, "percentile": 0.51582, "modified": "2023-05-01"}, {"cve": "CVE-2020-9917", "epss": 0.00178, "percentile": 0.53502, "modified": "2023-05-01"}, {"cve": "CVE-2020-9918", "epss": 0.00427, "percentile": 0.70558, "modified": "2023-05-01"}, {"cve": "CVE-2020-9919", "epss": 0.0011, "percentile": 0.42625, "modified": "2023-05-01"}, {"cve": "CVE-2020-9920", "epss": 0.00155, "percentile": 0.50356, "modified": "2023-05-01"}, {"cve": "CVE-2020-9923", "epss": 0.00076, "percentile": 0.30834, "modified": "2023-05-01"}, {"cve": "CVE-2020-9925", "epss": 0.00234, "percentile": 0.59928, "modified": "2023-05-01"}, {"cve": "CVE-2020-9926", "epss": 0.00086, "percentile": 0.35035, "modified": "2023-05-01"}, {"cve": "CVE-2020-9931", "epss": 0.00186, "percentile": 0.54395, "modified": "2023-05-01"}, {"cve": "CVE-2020-9933", "epss": 0.0006, "percentile": 0.23225, "modified": "2023-05-01"}, {"cve": "CVE-2020-9934", "epss": 0.00116, "percentile": 0.44093, "modified": "2023-05-01"}, {"cve": "CVE-2020-9936", "epss": 0.00157, "percentile": 0.50709, "modified": "2023-05-01"}, {"cve": "CVE-2020-9937", "epss": 0.00105, "percentile": 0.41348, "modified": "2023-05-01"}, {"cve": "CVE-2020-9938", "epss": 0.00082, "percentile": 0.3342, "modified": "2023-05-01"}, {"cve": "CVE-2020-9940", "epss": 0.00105, "percentile": 0.41372, "modified": "2023-05-01"}, {"cve": "CVE-2020-9980", "epss": 0.00082, "percentile": 0.33663, "modified": "2023-05-01"}, {"cve": "CVE-2020-9984", "epss": 0.00082, "percentile": 0.3342, "modified": "2023-05-01"}, {"cve": "CVE-2020-9985", "epss": 0.00105, "percentile": 0.41372, "modified": "2023-05-01"}], "vulnersScore": 9.9}, "_state": {"affected_software_major_version": 0, "dependencies": 1701641430, "score": 1701641633, "epss": 0}, "_internal": {"score_hash": "3a81eac6642cdd5262617763446ae577"}, "affectedSoftware": 
[{"version": "13.6", "operator": "lt", "name": "ios"}, {"version": "13.6", "operator": "lt", "name": "ipados"}]}
{"apple": [{"lastseen": "2020-12-24T20:42:02", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 13.4.8\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9907: 08Tc3wBB working with 
ZecOps\n\nEntry added July 28, 2020, updated August 31, 2020\n\n**CoreGraphics**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 28, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**iAP**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth 
packets\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2020-9914: Andy Davis of NCC Group\n\nEntry updated July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 28, 
2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 28, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. 
Crandall\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 28, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 31, 2020\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to 
unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 28, 2020\n\n**sysdiagnose**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. 
This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020, updated August 31, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious 
attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: Natalie Silvanovich of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n", "edition": 12, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 
"userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:58:45", "title": "About the security content of tvOS 13.4.8 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9884", "CVE-2020-9889", "CVE-2020-9905", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-9907", "CVE-2020-11761", "CVE-2020-9933", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-9914", "CVE-2020-11765", "CVE-2020-9901", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9940", "CVE-2020-9888", "CVE-2020-9916", "CVE-2019-14899", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-6514", "CVE-2020-11760", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9893", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9892", "CVE-2020-9909", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T05:58:45", "id": "APPLE:HT211290", "href": "https://support.apple.com/kb/HT211290", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:53", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, 
discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 13.6 and iPadOS 13.6\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing 
the vulnerable code.\n\nCVE-2020-9907: 08Tc3wBB working with ZecOps\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab\n\n**CoreFoundation**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within 
the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**iAP**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to perform a denial of service attack using malformed Bluetooth packets\n\nDescription: An input validation issue existed in Bluetooth. 
This issue was addressed with improved input validation.\n\nCVE-2020-9914: Andy Davis of NCC Group\n\nEntry updated July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer 
overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th 
generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9923: Proteas\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system 
privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 5, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2019-19906\n\nEntry added July 24, 2020, updated September 8, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 24, 2020\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. 
The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry updated September 21, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Safari Login AutoFill**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker may cause Safari to suggest a password for the wrong domain\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy\n\nDescription: A logic 
issue was addressed with improved restrictions.\n\nCVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 24, 2020\n\n**sysdiagnose**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated August 31, 2020\n\n**WebDAV**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)\n\nEntry added September 8, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 
and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 24, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and 
iPod touch (7th generation)\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: Natalie Silvanovich of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 24, 2020\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9917: Pradeep Deokate of Harman, Stefan B\u00f6hrer at Daimler AG, proofnet.de\n\nEntry updated July 24, 2020\n\n\n\n## Additional recognition\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group for 
their assistance.\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**USB Audio**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n", "edition": 12, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:18:44", "title": "About the security content of iOS 13.6 and iPadOS 13.6 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2019-19906", "CVE-2020-9884", "CVE-2020-9889", "CVE-2020-9905", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-9907", "CVE-2020-11761", "CVE-2020-9933", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9885", "CVE-2020-9906", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-9914", "CVE-2020-11765", "CVE-2020-9901", "CVE-2020-9891", 
"CVE-2020-9876", "CVE-2020-9903", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9898", "CVE-2020-9895", "CVE-2020-9911", "CVE-2020-9938", "CVE-2020-9940", "CVE-2020-9888", "CVE-2020-9934", "CVE-2020-9916", "CVE-2020-9923", "CVE-2019-14899", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9917", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-6514", "CVE-2020-11760", "CVE-2020-9931", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9893", "CVE-2020-9920", "CVE-2020-9985", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-9882", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9881", "CVE-2020-9892", "CVE-2020-9909", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T05:18:44", "id": "APPLE:HT211288", "href": "https://support.apple.com/kb/HT211288", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:10:33", "description": "# About the security content of watchOS 6.2.8\n\nThis document describes the security content of watchOS 6.2.8.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## watchOS 6.2.8\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 28, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption 
issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020, updated December 17, 2021 \n\n**FontParser**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial 
Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input 
validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 28, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9923: Proteas\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 28, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue 
was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**libxml2**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 28, 2020\n\n**Messages**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. 
The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Model I/O**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. 
This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding 
issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: natashenka of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 28, 2020\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their 
assistance.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of watchOS 6.2.8", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-6514", "CVE-2020-9862", "CVE-2020-9863", "CVE-2020-9865", "CVE-2020-9868", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9881", "CVE-2020-9882", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9885", "CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9900", "CVE-2020-9902", "CVE-2020-9904", "CVE-2020-9906", 
"CVE-2020-9909", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9920", "CVE-2020-9923", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9933", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9980", "CVE-2020-9984", "CVE-2020-9985", "CVE-2020-9997"], "modified": "2020-07-15T00:00:00", "id": "APPLE:362DE2664179C21B7B8FFF788120813E", "href": "https://support.apple.com/kb/HT211291", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:44", "description": "## watchOS 6.2.8\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security 
Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 28, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. 
This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020\n\n**FontParser**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security 
Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 28, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code 
execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9923: Proteas\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 28, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu 
Lab\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 28, 2020\n\n**Messages**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Model I/O**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom 
Security\n\nEntry added September 21, 2020\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. 
This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: Natalie Silvanovich of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 28, 2020\n\n\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:53:50", "title": "About the security content of watchOS 6.2.8 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": 
{"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9884", "CVE-2020-9889", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-11761", "CVE-2020-9933", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9885", "CVE-2020-9906", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9888", "CVE-2020-9916", "CVE-2020-9923", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-6514", "CVE-2020-11760", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9893", "CVE-2020-9920", "CVE-2020-9985", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-9882", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9881", "CVE-2020-9892", "CVE-2020-9997", "CVE-2020-9909", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T05:53:50", "id": "APPLE:HT211291", "href": "https://support.apple.com/kb/HT211291", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:10:32", "description": "# About the security content of tvOS 13.4.8\n\nThis document describes the security content of tvOS 
13.4.8.\n\n## tvOS 13.4.8\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9907: 08Tc3wBB working with ZecOps\n\nEntry added July 28, 2020, updated August 31, 2020\n\n**CoreGraphics**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow 
issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 28, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020, updated December 17, 2021 \n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**iAP**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets\n\nDescription: An input validation issue existed in Bluetooth. 
This issue was addressed with improved input validation.\n\nCVE-2020-9914: Andy Davis of NCC Group\n\nEntry updated July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and 
Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 28, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: 
William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 28, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 31, 2020\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: 
Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 28, 2020\n\n**sysdiagnose**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. 
This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020, updated August 31, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious 
attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: natashenka of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of tvOS 13.4.8", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14899", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-6514", "CVE-2020-9862", "CVE-2020-9863", "CVE-2020-9865", "CVE-2020-9868", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9900", "CVE-2020-9901", "CVE-2020-9902", "CVE-2020-9904", "CVE-2020-9905", "CVE-2020-9907", "CVE-2020-9909", "CVE-2020-9910", "CVE-2020-9914", "CVE-2020-9915", "CVE-2020-9916", 
"CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9933", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9940", "CVE-2020-9980", "CVE-2020-9984"], "modified": "2020-07-15T00:00:00", "id": "APPLE:2B6F011ECD9EFE0F4D0983E7E6A91A15", "href": "https://support.apple.com/kb/HT211290", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:33", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 7.20\n\nReleased August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of 
Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application 
termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel 
Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 7 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:23:14", "title": "About the security content of iCloud for Windows 7.20 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9874", "CVE-2020-11761", "CVE-2020-9862", 
"CVE-2020-9883", "CVE-2020-9984", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9916", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-9879", "CVE-2020-9893", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T05:23:14", "id": "APPLE:HT211295", "href": "https://support.apple.com/kb/HT211295", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T22:10:27", "description": "# About the security content of iTunes 12.10.8 for Windows\n\nThis document describes the security content of iTunes 12.10.8 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iTunes 12.10.8 for Windows\n\nReleased July 30, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may 
lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: 
An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel 
Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 7 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-30T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.10.8 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"], "modified": "2020-07-30T00:00:00", "id": "APPLE:717EB24E41379638A244FDCE287538E6", "href": "https://support.apple.com/kb/HT211293", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:41:46", 
"description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.10.8 for Windows\n\nReleased July 30, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved 
bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of 
Trend Micro\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 7 and later\n\nImpact: Copying a URL from Web Inspector may lead to 
command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:45:32", "title": "About the security content of iTunes 12.10.8 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9874", "CVE-2020-11761", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9984", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9916", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-9879", "CVE-2020-9893", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9872", "CVE-2020-9873", 
"CVE-2020-9937"], "modified": "2020-12-15T05:45:32", "id": "APPLE:HT211293", "href": "https://support.apple.com/kb/HT211293 ", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:46", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 11.3\n\nReleased August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of 
Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code 
execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. 
This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T06:02:19", "title": "About the security content of iCloud for Windows 11.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9874", "CVE-2020-11761", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9984", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9916", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-9879", "CVE-2020-9893", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T06:02:19", "id": "APPLE:HT211294", "href": 
"https://support.apple.com/kb/HT211294 ", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T22:10:28", "description": "# About the security content of iCloud for Windows 11.3\n\nThis document describes the security content of iCloud for Windows 11.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iCloud for Windows 11.3\n\nReleased August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security 
Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Opening a maliciously 
crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. 
This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-10T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 11.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", 
"CVE-2020-11765", "CVE-2020-27933", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"], "modified": "2020-08-10T00:00:00", "id": "APPLE:524576436C5FDCCC5080CD76C6051F20", "href": "https://support.apple.com/kb/HT211294", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T22:10:30", "description": "# About the security content of iCloud for Windows 7.20\n\nThis document describes the security content of iCloud for Windows 7.20.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iCloud for Windows 7.20\n\nReleased August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may 
lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: 
An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel 
Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 7 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-10T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.20", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"], "modified": "2020-08-10T00:00:00", "id": "APPLE:AA62A80C9E6F6992009BCCB45F9D570E", "href": "https://support.apple.com/kb/HT211295", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:23", 
"description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra\n\nReleased July 15, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9927: Lilang Wu working with TrendMicro\u2019s Zero Day Initiative\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security 
Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-9928: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9929: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Clang**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Clang may generate machine code that does not correctly enforce pointer authentication codes\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9870: Samuel Gro\u00df of Google Project Zero\n\n**CoreAudio**\n\nAvailable for: macOS High Sierra 10.13.6\n\nImpact: A buffer overflow may result in arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9866: Yu Zhou of \u5c0f\u9e21\u5e2e and Jundong Xie of Ant-financial Light-Year Security Lab\n\n**Core Bluetooth**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9869: Patrick Wardle of Jamf\n\nEntry added August 5, 2020\n\n**CoreCapture**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory 
management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreFoundation**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated November 12, 2020\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. 
This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020\n\n**FontParser**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**Graphics Drivers**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9799: ABC Research s.r.o.\n\nEntry updated July 24, 2020\n\n**Heimdal**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: This issue was addressed with improved data protection.\n\nCVE-2020-9913: Cody Thomas of SpecterOps\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: macOS 
Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds 
checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9887: Mickey Jin of Trend Micro\n\nEntry added September 8, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9908: Junzhi Lu(@pwn0rz) working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was 
addressed with additional validation.\n\nCVE-2020-9990: ABC Research s.r.l. working with Trend Micro Zero Day Initiative, ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added September 21, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9921: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9924: Matt DeVore of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added July 24, 
2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Login Window**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user may be unexpectedly logged in to another user\u2019s account\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9935: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a 
denial of service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2019-19906\n\nEntry added July 24, 2020, updated September 8, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 24, 2020\n\n**Mail**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted email may lead to writing arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9922: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. 
The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-12243\n\nEntry added September 21, 2020\n\n**rsync**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 
10.13.6\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 24, 2020\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9930: Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group\n\nEntry added December 15, 2020\n\n**Sandbox**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to load unsigned kernel extensions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9939: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9864: Alexander Holodny\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. 
This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 24, 2020\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 24, 2020\n\n**sysdiagnose**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated August 31, 2020\n\n**Vim**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-20807: Guilherme de Almeida Suckevicz\n\n**WebDAV**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)\n\nEntry added September 8, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9899: Yu Wang of Didi Research America\n\nEntry added July 24, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 24, 2020\n\n\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Siri**\n\nWe would like to acknowledge Yuval Ron, Amichai Shulman, and Eli Biham of the Technion - Israel Institute of Technology for their assistance.\n\nEntry added August 5, 2020\n\n**USB Audio**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n", "edition": 14, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T06:08:19", "title": "About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": 
"COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2014-9512", "CVE-2019-19906", "CVE-2020-9884", "CVE-2020-9870", "CVE-2020-9889", "CVE-2020-9905", "CVE-2020-9927", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-9990", "CVE-2020-11761", "CVE-2020-9883", "CVE-2020-9854", "CVE-2020-9885", "CVE-2020-9928", "CVE-2020-9906", "CVE-2020-9939", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-11763", "CVE-2020-9929", "CVE-2020-11765", "CVE-2020-9901", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9887", "CVE-2020-9898", "CVE-2020-9866", "CVE-2020-9908", "CVE-2020-9864", "CVE-2020-9938", "CVE-2020-9949", "CVE-2020-9940", "CVE-2020-9888", "CVE-2020-9934", "CVE-2020-9930", "CVE-2019-14899", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-9922", "CVE-2020-11760", "CVE-2020-9924", "CVE-2019-20807", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9921", "CVE-2020-9920", "CVE-2020-9985", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-9882", "CVE-2020-11764", "CVE-2020-9935", "CVE-2020-9913", "CVE-2020-11762", "CVE-2020-9899", "CVE-2020-9799", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9881", "CVE-2020-9869", "CVE-2020-9892", "CVE-2020-12243", "CVE-2020-9997", "CVE-2020-9994", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T06:08:19", "id": "APPLE:HT211289", "href": "https://support.apple.com/kb/HT211289", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:10:33", "description": "# About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra\n\nThis document 
describes the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra\n\nReleased July 15, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9927: Lilang Wu working with TrendMicro\u2019s Zero Day Initiative\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-Financial 
Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-9928: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9929: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Clang**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Clang may generate machine code that does not correctly enforce pointer authentication codes\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9870: Samuel Gro\u00df of Google Project Zero\n\n**CoreAudio**\n\nAvailable for: macOS High Sierra 10.13.6\n\nImpact: A buffer overflow may result in arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9866: Yu Zhou of \u5c0f\u9e21\u5e2e and Jundong Xie of Ant-Financial Light-Year Security Lab\n\n**Core Bluetooth**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9869: Patrick Wardle of Jamf\n\nEntry added August 5, 2020\n\n**CoreCapture**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to execute arbitrary code with 
kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreFoundation**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated November 12, 2020\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. 
This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated December 17, 2021 \n\n**FontParser**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**Graphics Drivers**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9799: ABC Research s.r.o.\n\nEntry updated July 24, 2020\n\n**Heimdal**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: This issue was addressed with improved data protection.\n\nCVE-2020-9913: Cody Thomas of SpecterOps\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year 
Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security 
Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9887: Mickey Jin of Trend Micro\n\nEntry added September 8, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9908: Junzhi 
Lu(@pwn0rz) working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2020-9990: ABC Research s.r.l. working with Trend Micro Zero Day Initiative, ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added September 21, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9921: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. 
Crandall\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9924: Matt DeVore of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat 
(@RazMashat) of ZecOps\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**libxml2**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Login Window**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user may be unexpectedly logged in to another user\u2019s account\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9935: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2019-19906\n\nEntry added July 24, 2020, updated September 8, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 24, 2020\n\n**Mail**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a 
maliciously crafted email may lead to writing arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9922: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche 
Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-12243\n\nEntry added September 21, 2020\n\n**Perl**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An integer overflow in the Perl regular expression compiler may allow a remote attacker to insert instructions into the compiled form of a regular expression\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-10878: Hugo van der Sanden and Slaven Rezic\n\nEntry added March 16, 2021\n\n**Perl**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-12723: Sergey Aleynikov\n\nEntry added March 16, 2021\n\n**rsync**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 24, 2020\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9930: Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group\n\nEntry added December 15, 2020\n\n**Sandbox**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to load unsigned kernel extensions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9939: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9864: Alexander Holodny\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. 
This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 24, 2020\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 24, 2020\n\n**sysdiagnose**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated August 31, 2020\n\n**Vim**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-20807: Guilherme de Almeida Suckevicz\n\n**WebDAV**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)\n\nEntry added September 8, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9899: Yu Wang of Didi Research America\n\nEntry added July 24, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 24, 2020\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Siri**\n\nWe would like to acknowledge Yuval Ron, Amichai Shulman, and Eli Biham of the Technion - Israel Institute of Technology for their assistance.\n\nEntry added August 5, 2020\n\n**USB Audio**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512", "CVE-2019-14899", "CVE-2019-19906", "CVE-2019-20807", "CVE-2020-10878", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-27933", "CVE-2020-9799", "CVE-2020-9854", "CVE-2020-9863", "CVE-2020-9864", "CVE-2020-9865", "CVE-2020-9866", "CVE-2020-9868", "CVE-2020-9869", "CVE-2020-9870", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9881", "CVE-2020-9882", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9885", "CVE-2020-9887", 
"CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9898", "CVE-2020-9899", "CVE-2020-9900", "CVE-2020-9901", "CVE-2020-9902", "CVE-2020-9904", "CVE-2020-9905", "CVE-2020-9906", "CVE-2020-9908", "CVE-2020-9913", "CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9920", "CVE-2020-9921", "CVE-2020-9922", "CVE-2020-9924", "CVE-2020-9926", "CVE-2020-9927", "CVE-2020-9928", "CVE-2020-9929", "CVE-2020-9930", "CVE-2020-9934", "CVE-2020-9935", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9939", "CVE-2020-9940", "CVE-2020-9949", "CVE-2020-9980", "CVE-2020-9984", "CVE-2020-9985", "CVE-2020-9990", "CVE-2020-9994", "CVE-2020-9997"], "modified": "2020-07-15T00:00:00", "id": "APPLE:3D7765FAAA5588336144E1B60D0B775E", "href": "https://support.apple.com/kb/HT211289", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:34", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 13.1.2\n\nReleased July 15, 2020\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab\n\nEntry added November 12, 2020\n\n**Safari Downloads**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9912: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Login AutoFill**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may cause Safari to suggest a password for the wrong domain\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Reader**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy\n\nDescription: A logic issue was addressed with improved 
restrictions.\n\nCVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: macOS Mojave and 
macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: Natalie Silvanovich of Google Project Zero\n\nEntry added September 21, 2020\n", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T10:19:34", "title": "About the security content of Safari 13.1.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9894", "CVE-2020-9903", "CVE-2020-9910", "CVE-2020-9942", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9911", "CVE-2020-9916", "CVE-2020-9912", "CVE-2020-6514", "CVE-2020-9893", "CVE-2020-9915"], "modified": "2020-11-12T10:19:34", "id": "APPLE:HT211292", "href": "https://support.apple.com/kb/HT211292", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T22:10:30", "description": "# About the security content of Safari 13.1.2\n\nThis document describes the security content of Safari 13.1.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## Safari 13.1.2\n\nReleased July 15, 2020\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab\n\nEntry added November 12, 2020\n\n**Safari Downloads**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A 
malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9912: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Login AutoFill**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may cause Safari to suggest a password for the wrong domain\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Reader**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. 
This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: natashenka of Google Project Zero\n\nEntry added September 21, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of Safari 13.1.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6514", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9903", "CVE-2020-9910", "CVE-2020-9911", "CVE-2020-9912", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9925", "CVE-2020-9942"], "modified": "2020-07-15T00:00:00", "id": "APPLE:0E1C386A7EBAE50F1A16EBD5FB86ED98", "href": "https://support.apple.com/kb/HT211292", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-12-03T19:19:33", "description": "### *Detect date*:\n08/10/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service, perform cross-site scripting attack, spoof user interface.\n\n### *Affected products*:\nApple iCloud earlier than 7.20\n\n### *Solution*:\nUpdate to the latest version \n[Download iCloud](<https://support.apple.com/kb/HT204283>)\n\n### *Original advisories*:\n[About the security content of iCloud for Windows 7.20](<https://support.apple.com/kb/HT211295>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iCloud](<https://threats.kaspersky.com/en/product/Apple-iCloud/>)\n\n### *CVE-IDS*:\n[CVE-2020-9910](<https://vulners.com/cve/CVE-2020-9910>)6.5High \n[CVE-2020-9894](<https://vulners.com/cve/CVE-2020-9894>)4.3Warning \n[CVE-2020-9938](<https://vulners.com/cve/CVE-2020-9938>)6.8High \n[CVE-2020-9877](<https://vulners.com/cve/CVE-2020-9877>)6.8High \n[CVE-2020-9879](<https://vulners.com/cve/CVE-2020-9879>)6.8High \n[CVE-2020-9871](<https://vulners.com/cve/CVE-2020-9871>)6.8High \n[CVE-2020-9919](<https://vulners.com/cve/CVE-2020-9919>)6.8High \n[CVE-2020-9876](<https://vulners.com/cve/CVE-2020-9876>)6.8High \n[CVE-2020-9875](<https://vulners.com/cve/CVE-2020-9875>)6.8High 
\n[CVE-2020-9895](<https://vulners.com/cve/CVE-2020-9895>)7.5Critical \n[CVE-2020-9874](<https://vulners.com/cve/CVE-2020-9874>)6.8High \n[CVE-2020-9936](<https://vulners.com/cve/CVE-2020-9936>)6.8High \n[CVE-2020-9862](<https://vulners.com/cve/CVE-2020-9862>)6.8High \n[CVE-2020-9872](<https://vulners.com/cve/CVE-2020-9872>)6.8High \n[CVE-2020-9873](<https://vulners.com/cve/CVE-2020-9873>)6.8High \n[CVE-2020-9925](<https://vulners.com/cve/CVE-2020-9925>)4.3Warning \n[CVE-2020-9937](<https://vulners.com/cve/CVE-2020-9937>)6.8High \n[CVE-2020-9916](<https://vulners.com/cve/CVE-2020-9916>)5.0Critical \n[CVE-2020-9915](<https://vulners.com/cve/CVE-2020-9915>)4.3Warning \n[CVE-2020-9893](<https://vulners.com/cve/CVE-2020-9893>)6.8High \n[CVE-2020-11760](<https://vulners.com/cve/CVE-2020-11760>)4.3Warning \n[CVE-2020-11758](<https://vulners.com/cve/CVE-2020-11758>)4.3Warning \n[CVE-2020-11764](<https://vulners.com/cve/CVE-2020-11764>)4.3Warning \n[CVE-2020-11765](<https://vulners.com/cve/CVE-2020-11765>)4.3Warning \n[CVE-2020-11761](<https://vulners.com/cve/CVE-2020-11761>)4.3Warning \n[CVE-2020-11762](<https://vulners.com/cve/CVE-2020-11762>)4.3Warning \n[CVE-2020-11759](<https://vulners.com/cve/CVE-2020-11759>)4.3Warning \n[CVE-2020-11763](<https://vulners.com/cve/CVE-2020-11763>)4.3Warning \n[CVE-2020-9984](<https://vulners.com/cve/CVE-2020-9984>)6.8High \n[CVE-2020-9883](<https://vulners.com/cve/CVE-2020-9883>)6.8High \n[CVE-2020-9926](<https://vulners.com/cve/CVE-2020-9926>)6.8High \n[CVE-2020-27933](<https://vulners.com/cve/CVE-2020-27933>)6.8High", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, 
"published": "2020-08-10T00:00:00", "type": "kaspersky", "title": "KLA11926 Multiple vulnerabilities in Apple iCloud", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"], "modified": "2021-03-24T00:00:00", "id": "KLA11926", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11926/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-11-25T15:52:56", "description": "The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004, 10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. 
It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. (CVE-2019-14899)\n\n - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)\n\n - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). (CVE-2019-20807)\n\n - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. 
(CVE-2014-9512)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2020-10-01T00:00:00", "type": "nessus", "title": "macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512", "CVE-2019-14899", "CVE-2019-19906", "CVE-2019-20807", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-12243", "CVE-2020-9799", "CVE-2020-9854", "CVE-2020-9863", "CVE-2020-9864", "CVE-2020-9865", "CVE-2020-9866", "CVE-2020-9868", "CVE-2020-9869", "CVE-2020-9870", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9881", "CVE-2020-9882", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9885", "CVE-2020-9887", "CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9898", "CVE-2020-9899", "CVE-2020-9900", "CVE-2020-9901", "CVE-2020-9902", "CVE-2020-9904", "CVE-2020-9905", "CVE-2020-9906", "CVE-2020-9908", "CVE-2020-9913", "CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9920", "CVE-2020-9921", "CVE-2020-9924", "CVE-2020-9927", "CVE-2020-9928", "CVE-2020-9929", "CVE-2020-9934", "CVE-2020-9935", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9939", "CVE-2020-9940", "CVE-2020-9980", "CVE-2020-9984", "CVE-2020-9985", "CVE-2020-9990", "CVE-2020-9994", "CVE-2020-9997"], "modified": "2022-11-21T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT211289.NASL", "href": "https://www.tenable.com/plugins/nessus/141100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141100);\n 
script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/21\");\n\n script_cve_id(\n \"CVE-2014-9512\",\n \"CVE-2019-14899\",\n \"CVE-2019-19906\",\n \"CVE-2019-20807\",\n \"CVE-2020-9799\",\n \"CVE-2020-9854\",\n \"CVE-2020-9863\",\n \"CVE-2020-9864\",\n \"CVE-2020-9865\",\n \"CVE-2020-9866\",\n \"CVE-2020-9868\",\n \"CVE-2020-9869\",\n \"CVE-2020-9870\",\n \"CVE-2020-9871\",\n \"CVE-2020-9872\",\n \"CVE-2020-9873\",\n \"CVE-2020-9874\",\n \"CVE-2020-9875\",\n \"CVE-2020-9876\",\n \"CVE-2020-9877\",\n \"CVE-2020-9878\",\n \"CVE-2020-9879\",\n \"CVE-2020-9880\",\n \"CVE-2020-9881\",\n \"CVE-2020-9882\",\n \"CVE-2020-9883\",\n \"CVE-2020-9884\",\n \"CVE-2020-9885\",\n \"CVE-2020-9887\",\n \"CVE-2020-9888\",\n \"CVE-2020-9889\",\n \"CVE-2020-9890\",\n \"CVE-2020-9891\",\n \"CVE-2020-9892\",\n \"CVE-2020-9898\",\n \"CVE-2020-9899\",\n \"CVE-2020-9900\",\n \"CVE-2020-9901\",\n \"CVE-2020-9902\",\n \"CVE-2020-9904\",\n \"CVE-2020-9905\",\n \"CVE-2020-9906\",\n \"CVE-2020-9908\",\n \"CVE-2020-9913\",\n \"CVE-2020-9918\",\n \"CVE-2020-9919\",\n \"CVE-2020-9920\",\n \"CVE-2020-9921\",\n \"CVE-2020-9924\",\n \"CVE-2020-9927\",\n \"CVE-2020-9928\",\n \"CVE-2020-9929\",\n \"CVE-2020-9934\",\n \"CVE-2020-9935\",\n \"CVE-2020-9936\",\n \"CVE-2020-9937\",\n \"CVE-2020-9938\",\n \"CVE-2020-9939\",\n \"CVE-2020-9940\",\n \"CVE-2020-9980\",\n \"CVE-2020-9984\",\n \"CVE-2020-9985\",\n \"CVE-2020-9990\",\n \"CVE-2020-9994\",\n \"CVE-2020-9997\",\n \"CVE-2020-11758\",\n \"CVE-2020-11759\",\n \"CVE-2020-11760\",\n \"CVE-2020-11761\",\n \"CVE-2020-11762\",\n \"CVE-2020-11763\",\n \"CVE-2020-11764\",\n \"CVE-2020-11765\",\n \"CVE-2020-12243\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0053-S\");\n script_xref(name:\"APPLE-SA\", value:\"HT211289\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-07-15\");\n script_xref(name:\"IAVA\", value:\"2020-A-0539-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", 
value:\"2022/09/29\");\n\n script_name(english:\"macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004,\n10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple\nvulnerabilities, including the following:\n\n - A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious\n access point, or an adjacent user, to determine if a connected user is using a VPN, make positive\n inferences about the websites they are visiting, and determine the correct sequence and acknowledgement\n numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that\n is needed for an attacker to hijack active connections inside the VPN tunnel. (CVE-2019-14899)\n\n - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote\n denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an\n off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)\n\n - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands\n via scripting interfaces (e.g., Python, Ruby, or Lua). (CVE-2019-20807)\n\n - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the\n synchronization path. 
(CVE-2014-9512)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211289\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macos 10.13.6 Security Update 2020-004 / 10.14.6 Security Update 2020-004 / 10.15.6 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.15.5', 'min_version' : '10.15', 'fixed_build': '19G73', 'fixed_display' : 'macOS Catalina 10.15.6' },\n { 'max_version' : '10.13.6', 'min_version' : '10.13', 'fixed_build': '17G14019', 'fixed_display' : '10.13.6 Security Update 2020-004' },\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build': '18G6020', 'fixed_display' : '10.14.6 Security Update 2020-004' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:46", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-08-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1256)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", 
"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1256.NASL", "href": "https://www.tenable.com/plugins/nessus/139896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1256.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139896);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1256)\");\n script_summary(english:\"Check for the openSUSE-2020-1256 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: 
CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk3-lang-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"webkit-jsc-4-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-debugsource-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-devel-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:54", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nNote that 
Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2198-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2198-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2198-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139535);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2198-1)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9925/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202198-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?349b993e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the 
command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2198=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2198=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2198=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2198=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2198=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2198=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", 
reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif 
(rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:32:42", "description": "A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4444-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0"], "id": "UBUNTU_USN-4444-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4444-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139311);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\"\n );\n script_xref(name:\"USN\", value:\"4444-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4444-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"A large number of security issues were discovered in the WebKitGTK Web\nand JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4444-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': 
'20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.4-0ubuntu0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:19", "description": "This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\n - CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n\n - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n\n - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n\n - CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).\n\n - CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).\n\n - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).\n\n - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed 
:\n\n - Enable tests when building the package on x86_64.\n (bsc#1146648)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-05-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openexr (openSUSE-2020-682)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libilmimf-2_2-23", "p-cpe:/a:novell:opensuse:libilmimf-2_2-23-32bit", "p-cpe:/a:novell:opensuse:libilmimf-2_2-23-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libilmimf-2_2-23-debuginfo", "p-cpe:/a:novell:opensuse:libilmimfutil-2_2-23", "p-cpe:/a:novell:opensuse:libilmimfutil-2_2-23-32bit", "p-cpe:/a:novell:opensuse:libilmimfutil-2_2-23-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libilmimfutil-2_2-23-debuginfo", "p-cpe:/a:novell:opensuse:openexr", "p-cpe:/a:novell:opensuse:openexr-debuginfo", "p-cpe:/a:novell:opensuse:openexr-debugsource", "p-cpe:/a:novell:opensuse:openexr-devel", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-682.NASL", "href": "https://www.tenable.com/plugins/nessus/136880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-682.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136880);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2020-11758\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\");\n\n script_name(english:\"openSUSE Security Update : openexr (openSUSE-2020-682)\");\n script_summary(english:\"Check for the openSUSE-2020-682 patch\");\n\n 
script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\n - CVE-2020-11765: Fixed an off-by-one error in use of the\n ImfXdr.h read function by\n DwaCompressor:Classifier:Classifier (bsc#1169575).\n\n - CVE-2020-11764: Fixed an out-of-bounds write in\n copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n\n - CVE-2020-11763: Fixed an out-of-bounds read and write,\n as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n\n - CVE-2020-11762: Fixed an out-of-bounds read and write in\n DwaCompressor:uncompress in ImfDwaCompressor.cpp when\n handling the UNKNOWN compression case (bsc#1169549).\n\n - CVE-2020-11761: Fixed an out-of-bounds read during\n Huffman uncompression, as demonstrated by\n FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).\n\n - CVE-2020-11760: Fixed an out-of-bounds read during RLE\n uncompression in rleUncompress in ImfRle.cpp\n (bsc#1169580).\n\n - CVE-2020-11758: Fixed an out-of-bounds read in\n ImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed :\n\n - Enable tests when building the package on x86_64.\n (bsc#1146648)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169575\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169580\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected openexr packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImf-2_2-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImf-2_2-23-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImf-2_2-23-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImf-2_2-23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImfUtil-2_2-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImfUtil-2_2-23-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImfUtil-2_2-23-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImfUtil-2_2-23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openexr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openexr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openexr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libIlmImf-2_2-23-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libIlmImf-2_2-23-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.1\", reference:\"libIlmImfUtil-2_2-23-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"openexr-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"openexr-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"openexr-debugsource-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"openexr-devel-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libIlmImf-2_2-23-32bit-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libIlmImf-2_2-23 / libIlmImf-2_2-23-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:44", "description": "This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\nCVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n\nCVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n\nCVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n\nCVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN 
compression case (bsc#1169549).\n\nCVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).\n\nCVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).\n\nCVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed :\n\nEnable tests when building the package on x86_64. (bsc#1146648)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2020:1293-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libilmimf-2_2", "p-cpe:/a:novell:suse_linux:libilmimf-2_2-23", "p-cpe:/a:novell:suse_linux:libilmimf-2_2-23-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libilmimf-2_2-23-debuginfo", "p-cpe:/a:novell:suse_linux:libilmimfutil-2_2", "p-cpe:/a:novell:suse_linux:libilmimfutil-2_2-23", "p-cpe:/a:novell:suse_linux:libilmimfutil-2_2-23-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libilmimfutil-2_2-23-debuginfo", "p-cpe:/a:novell:suse_linux:openexr", "p-cpe:/a:novell:suse_linux:openexr-debuginfo", "p-cpe:/a:novell:suse_linux:openexr-debugsource", "p-cpe:/a:novell:suse_linux:openexr-devel", "p-cpe:/a:novell:suse_linux:openexr-doc", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1293-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1293-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136787);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-11758\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2020:1293-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\nCVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read\nfunction by DwaCompressor:Classifier:Classifier (bsc#1169575).\n\nCVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in\nImfMisc.cpp (bsc#1169574).\n\nCVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated\nby ImfTileOffsets.cpp (bsc#1169576).\n\nCVE-2020-11762: Fixed an out-of-bounds read and write in\nDwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the\nUNKNOWN compression case (bsc#1169549).\n\nCVE-2020-11761: Fixed an out-of-bounds read during Huffman\nuncompression, as demonstrated by FastHufDecoder:refill in\nImfFastHuf.cpp (bsc#1169578).\n\nCVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression\nin rleUncompress in ImfRle.cpp (bsc#1169580).\n\nCVE-2020-11758: Fixed an out-of-bounds read in\nImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed :\n\nEnable tests when building the package on x86_64. 
(bsc#1146648)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11760/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11761/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11762/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11763/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11764/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.6.1\")) 
flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-3.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:45", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2232-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2232-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2232-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139593);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2232-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n 
value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9925/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202232-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af6babc9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch 
SUSE-OpenStack-Cloud-Crowbar-9-2020-2232=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2232=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2232=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2232=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2232=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2232=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2232=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2232=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", 
reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:25", "description": "Update to 2.28.4. 
Also, drop xdg-desktop-portal-gtk and geoclue2 from Requires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-07T00:00:00", "type": "nessus", "title": "Fedora 31 : webkit2gtk3 (2020-a496a39b00)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-A496A39B00.NASL", "href": "https://www.tenable.com/plugins/nessus/139391", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a496a39b00.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139391);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"FEDORA\", value:\"2020-a496a39b00\");\n\n script_name(english:\"Fedora 31 : webkit2gtk3 (2020-a496a39b00)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.4. 
Also, drop xdg-desktop-portal-gtk and geoclue2 from\nRequires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895,\nCVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a496a39b00\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"webkit2gtk3-2.28.4-3.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:22", "description": "The remote host is affected by the vulnerability described in GLSA-202007-61 (WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-08-03T00:00:00", "type": "nessus", "title": "GLSA-202007-61 : WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202007-61.NASL", "href": "https://www.tenable.com/plugins/nessus/139269", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202007-61.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139269);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"GLSA\", value:\"202007-61\");\n\n script_name(english:\"GLSA-202007-61 : WebKitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-61\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202007-61\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.28.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'OpenEXR-1.7.1-8.el7',\n 'OpenEXR-devel-1.7.1-8.el7',\n 'OpenEXR-libs-1.7.1-8.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'OpenEXR-1.7.1-8.el7',\n 'OpenEXR-devel-1.7.1-8.el7',\n 'OpenEXR-libs-1.7.1-8.el7'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:17", "description": "Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.", "cvss3": {}, "published": 
"2020-08-31T00:00:00", "type": "nessus", "title": "Debian DSA-4755-1 : openexr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2017-9114", "CVE-2017-9115", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15305", "CVE-2020-15306"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openexr", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4755.NASL", "href": "https://www.tenable.com/plugins/nessus/140061", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4755. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140061);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/02\");\n\n script_cve_id(\"CVE-2017-9111\", \"CVE-2017-9113\", \"CVE-2017-9114\", \"CVE-2017-9115\", \"CVE-2020-11758\", \"CVE-2020-11759\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\", \"CVE-2020-15305\", \"CVE-2020-15306\");\n script_xref(name:\"DSA\", value:\"4755\");\n\n script_name(english:\"Debian DSA-4755-1 : openexr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were found in the OpenEXR image library,\nwhich could result in denial of service and potentially the execution\nof arbitrary code when processing malformed EXR image files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/source-package/openexr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/openexr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4755\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the openexr packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.2.1-4.1+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libopenexr-dev\", reference:\"2.2.1-4.1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenexr23\", reference:\"2.2.1-4.1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openexr\", reference:\"2.2.1-4.1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openexr-doc\", reference:\"2.2.1-4.1+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:07", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1499 advisory.\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. 
(CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : OpenEXR (ALAS-2020-1499)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-10-29T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openexr", "p-cpe:/a:amazon:linux:openexr-debuginfo", "p-cpe:/a:amazon:linux:openexr-devel", "p-cpe:/a:amazon:linux:openexr-libs", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1499.NASL", "href": "https://www.tenable.com/plugins/nessus/141952", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1499.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141952);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/29\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n script_xref(name:\"ALAS\", value:\"2020-1499\");\n\n script_name(english:\"Amazon Linux 2 : OpenEXR (ALAS-2020-1499)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1499 advisory.\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. 
There is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1499.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11764\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update OpenEXR' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:OpenEXR-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'OpenEXR-1.7.1-8.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'OpenEXR-1.7.1-8.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'OpenEXR-1.7.1-8.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'OpenEXR-debuginfo-1.7.1-8.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'OpenEXR-debuginfo-1.7.1-8.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'OpenEXR-debuginfo-1.7.1-8.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'OpenEXR-devel-1.7.1-8.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'OpenEXR-devel-1.7.1-8.amzn2.0.1', 'cpu':'i686', 
'release':'AL2'},\n {'reference':'OpenEXR-devel-1.7.1-8.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'OpenEXR-libs-1.7.1-8.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'OpenEXR-libs-1.7.1-8.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'OpenEXR-libs-1.7.1-8.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR / OpenEXR-debuginfo / OpenEXR-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:24:17", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4039 advisory.\n\n - OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n - OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n - 
OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenEXR (RHSA-2020:4039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openexr", "p-cpe:/a:redhat:enterprise_linux:openexr-devel", "p-cpe:/a:redhat:enterprise_linux:openexr-libs"], "id": "REDHAT-RHSA-2020-4039.NASL", "href": "https://www.tenable.com/plugins/nessus/141030", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4039. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141030);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n script_xref(name:\"RHSA\", value:\"2020:4039\");\n\n script_name(english:\"RHEL 7 : OpenEXR (RHSA-2020:4039)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4039 advisory.\n\n - OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n - OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n - OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)\n\nNote that Nessus 
has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1828990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1828995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1829002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenEXR, OpenEXR-devel and / or OpenEXR-libs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 125, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:OpenEXR-libs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 
'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if 
(!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR / OpenEXR-devel / OpenEXR-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:05", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4039 advisory.\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. 
There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : OpenEXR (ELSA-2020-4039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openexr", "p-cpe:/a:oracle:linux:openexr-devel", "p-cpe:/a:oracle:linux:openexr-libs"], "id": "ORACLELINUX_ELSA-2020-4039.NASL", "href": "https://www.tenable.com/plugins/nessus/141224", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4039.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141224);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n\n script_name(english:\"Oracle Linux 7 : OpenEXR (ELSA-2020-4039)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4039 advisory.\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. 
There is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-4039.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenEXR, OpenEXR-devel and / or OpenEXR-libs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OpenEXR-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = 
NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR / OpenEXR-devel / OpenEXR-libs');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:29", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has OpenEXR packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in OpenEXR before 2.4.1. 
There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0031)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0031_OPENEXR.NASL", "href": "https://www.tenable.com/plugins/nessus/147238", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0031. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147238);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0031)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has OpenEXR packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in OpenEXR before 2.4.1. 
There is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp. (CVE-2020-11764)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL OpenEXR packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'OpenEXR-1.7.1-8.el7',\n 'OpenEXR-devel-1.7.1-8.el7',\n 'OpenEXR-libs-1.7.1-8.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'OpenEXR-1.7.1-8.el7',\n 'OpenEXR-devel-1.7.1-8.el7',\n 'OpenEXR-libs-1.7.1-8.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:07:03", "description": "Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.\n\nFor Debian 9 stretch, these problems have been 
fixed in version 2.2.0-11+deb9u1.\n\nWe recommend that you upgrade your openexr packages.\n\nFor the detailed security status of openexr please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-31T00:00:00", "type": "nessus", "title": "Debian DLA-2358-1 : openexr security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12596", "CVE-2017-9110", "CVE-2017-9111", "CVE-2017-9112", "CVE-2017-9113", "CVE-2017-9114", "CVE-2017-9115", "CVE-2017-9116", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15305", "CVE-2020-15306"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libopenexr-dev", "p-cpe:/a:debian:debian_linux:libopenexr22", "p-cpe:/a:debian:debian_linux:openexr", "p-cpe:/a:debian:debian_linux:openexr-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2358.NASL", "href": "https://www.tenable.com/plugins/nessus/140057", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2358-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140057);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/02\");\n\n script_cve_id(\"CVE-2017-12596\", \"CVE-2017-9110\", \"CVE-2017-9111\", \"CVE-2017-9112\", \"CVE-2017-9113\", \"CVE-2017-9114\", \"CVE-2017-9115\", \"CVE-2017-9116\", \"CVE-2020-11758\", \"CVE-2020-11759\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\", \"CVE-2020-15305\", \"CVE-2020-15306\");\n\n script_name(english:\"Debian DLA-2358-1 : openexr security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were found in the OpenEXR image library,\nwhich could result in denial of service and potentially the execution\nof arbitrary code when processing malformed EXR image files.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.2.0-11+deb9u1.\n\nWe recommend that you upgrade your openexr packages.\n\nFor the detailed security status of openexr please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openexr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openexr\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenexr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenexr22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openexr-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libopenexr-dev\", reference:\"2.2.0-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenexr22\", reference:\"2.2.0-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openexr\", reference:\"2.2.0-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openexr-doc\", reference:\"2.2.0-11+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-22T15:09:07", "description": "The remote host is affected by the vulnerability described in GLSA-202107-27 (OpenEXR: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202107-27 : OpenEXR: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15304", "CVE-2020-15305", "CVE-2020-15306", "CVE-2021-20296", "CVE-2021-3474", "CVE-2021-3475", "CVE-2021-3476", "CVE-2021-3477", "CVE-2021-3478", "CVE-2021-3479"], "modified": "2023-11-20T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openexr", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202107-27.NASL", "href": "https://www.tenable.com/plugins/nessus/157033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202107-27.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157033);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\n \"CVE-2020-11758\",\n \"CVE-2020-11759\",\n \"CVE-2020-11760\",\n \"CVE-2020-11761\",\n \"CVE-2020-11762\",\n \"CVE-2020-11763\",\n \"CVE-2020-11764\",\n \"CVE-2020-11765\",\n \"CVE-2020-15304\",\n \"CVE-2020-15305\",\n \"CVE-2020-15306\",\n \"CVE-2021-20296\",\n \"CVE-2021-3474\",\n \"CVE-2021-3475\",\n \"CVE-2021-3476\",\n \"CVE-2021-3477\",\n \"CVE-2021-3478\",\n \"CVE-2021-3479\"\n );\n script_xref(name:\"GLSA\", value:\"202107-27\");\n\n script_name(english:\"GLSA-202107-27 : OpenEXR: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202107-27\n(OpenEXR: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. 
The OpenLDAP crash is ultimately caused by an\n off-by-one error in _sasl_add_string in common.c in\n cyrus-sasl.(CVE-2019-19906)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1145\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?448fbbc0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cyrus-sasl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-gs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-md5\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-ntlm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cyrus-sasl-scram\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"cyrus-sasl-2.1.27-0.3rc7.h2.eulerosv2r8\",\n 
\"cyrus-sasl-devel-2.1.27-0.3rc7.h2.eulerosv2r8\",\n \"cyrus-sasl-gs2-2.1.27-0.3rc7.h2.eulerosv2r8\",\n \"cyrus-sasl-gssapi-2.1.27-0.3rc7.h2.eulerosv2r8\",\n \"cyrus-sasl-ldap-2.1.27-0.3rc7.h2.eulerosv2r8\",\n \"cyrus-sasl-lib-2.1.27-0.3rc7.h2.eulerosv2r8\",\n \"cyrus-sasl-md5-2.1.27-0.3rc7.h2.eulerosv2r8\",\n \"cyrus-sasl-ntlm-2.1.27-0.3rc7.h2.eulerosv2r8\",\n \"cyrus-sasl-plain-2.1.27-0.3rc7.h2.eulerosv2r8\",\n \"cyrus-sasl-scram-2.1.27-0.3rc7.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cyrus-sasl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:10:18", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14579-1 advisory.\n\n - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of- service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. 
(CVE-2019-19906)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : cyrus-sasl (SUSE-SU-2020:14579-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19906"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cyrus-sasl", "p-cpe:/a:novell:suse_linux:cyrus-sasl-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-crammd5", "p-cpe:/a:novell:suse_linux:cyrus-sasl-crammd5-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-digestmd5", "p-cpe:/a:novell:suse_linux:cyrus-sasl-digestmd5-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-gssapi", "p-cpe:/a:novell:suse_linux:cyrus-sasl-gssapi-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-crammd5", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-crammd5-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-crammd5-x86", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-digestmd5", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-digestmd5-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-digestmd5-x86", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-gssapi", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-gssapi-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-gssapi-x86", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-ntlm", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-otp", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-otp-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-otp-x86", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-plain", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-plain-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-plain-x86", "p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-x86", "p-cpe:/a:novell:suse_linux:cyrus-sasl-otp", 
"p-cpe:/a:novell:suse_linux:cyrus-sasl-otp-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-plain", "p-cpe:/a:novell:suse_linux:cyrus-sasl-plain-32bit", "p-cpe:/a:novell:suse_linux:cyrus-sasl-saslauthd", "p-cpe:/a:novell:suse_linux:cyrus-sasl-sqlauxprop", "p-cpe:/a:novell:suse_linux:cyrus-sasl-sqlauxprop-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14579-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150549", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14579-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150549);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2019-19906\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14579-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : cyrus-sasl (SUSE-SU-2020:14579-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2020:14579-1 advisory.\n\n - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-\n service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one\n error in _sasl_add_string in common.c in cyrus-sasl. 
(CVE-2019-19906)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159635\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-December/008085.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ab44e999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19906\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19906\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-crammd5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-crammd5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-digestmd5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-digestmd5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-gssapi-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-crammd5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-crammd5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-crammd5-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-digestmd5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-digestmd5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-digestmd5-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-gssapi-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-gssapi-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-ntlm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-otp-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-otp-x86\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-plain-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-plain-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-openssl1-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-otp-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-plain-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-saslauthd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-sqlauxprop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-sasl-sqlauxprop-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(0|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP0/4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'cyrus-sasl-openssl1-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-crammd5-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-crammd5-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-crammd5-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-digestmd5-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-digestmd5-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-digestmd5-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-gssapi-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-gssapi-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-gssapi-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-ntlm-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-otp-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-otp-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-otp-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-plain-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-plain-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-plain-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'cyrus-sasl-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-crammd5-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-crammd5-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-crammd5-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-digestmd5-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-digestmd5-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-digestmd5-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-gssapi-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-gssapi-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-gssapi-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-otp-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-otp-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-otp-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-plain-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-plain-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-plain-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-saslauthd-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-sqlauxprop-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-sqlauxprop-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-sqlauxprop-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'cyrus-sasl-openssl1-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-crammd5-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-crammd5-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-crammd5-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-digestmd5-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-digestmd5-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-digestmd5-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-gssapi-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-gssapi-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-gssapi-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-ntlm-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-otp-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-otp-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-otp-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-plain-2.1.22-182.26.4', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-plain-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-openssl1-plain-32bit-2.1.22-182.26.4', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'cyrus-sasl-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-crammd5-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-crammd5-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-crammd5-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-digestmd5-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-digestmd5-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-digestmd5-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-gssapi-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-gssapi-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n 
{'reference':'cyrus-sasl-gssapi-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-otp-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-otp-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-otp-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-plain-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-plain-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-plain-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-saslauthd-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-sqlauxprop-2.1.22-182.26.4', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-sqlauxprop-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'cyrus-sasl-sqlauxprop-32bit-2.1.22-182.26.4', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = 
package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. 
Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cyrus-sasl / cyrus-sasl-32bit / cyrus-sasl-crammd5 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:38", "description": "An update of the cyrus package has been released.", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Cyrus PHSA-2020-1.0-0283", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19906"], "modified": "2020-03-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:cyrus", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0283_CYRUS.NASL", "href": "https://www.tenable.com/plugins/nessus/134425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0283. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134425);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/13\");\n\n script_cve_id(\"CVE-2019-19906\");\n\n script_name(english:\"Photon OS 1.0: Cyrus PHSA-2020-1.0-0283\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the cyrus package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-283.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19906\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:cyrus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"cyrus-sasl-2.1.26-11.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"cyrus-sasl-debuginfo-2.1.26-11.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cyrus\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:03", "description": "There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash was ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 2.1.26.dfsg1-13+deb8u2.\n\nWe recommend that you upgrade your cyrus-sasl2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-23T00:00:00", "type": "nessus", "title": "Debian DLA-2044-1 : cyrus-sasl2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19906"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:cyrus-sasl2-dbg", "p-cpe:/a:debian:debian_linux:cyrus-sasl2-doc", "p-cpe:/a:debian:debian_linux:cyrus-sasl2-heimdal-dbg", "p-cpe:/a:debian:debian_linux:cyrus-sasl2-mit-dbg", "p-cpe:/a:debian:debian_linux:libsasl2-2", "p-cpe:/a:debian:debian_linux:libsasl2-dev", "p-cpe:/a:debian:debian_linux:libsasl2-modules", "p-cpe:/a:debian:debian_linux:libsasl2-modules-db", "p-cpe:/a:debian:debian_linux:libsasl2-modules-gssapi-heimdal", "p-cpe:/a:debian:debian_linux:libsasl2-modules-gssapi-mit", "p-cpe:/a:debian:debian_linux:libsasl2-modules-ldap", "p-cpe:/a:debian:debian_linux:libsasl2-modules-otp", "p-cpe:/a:debian:debian_linux:libsasl2-modules-sql", "p-cpe:/a:debian:debian_linux:sasl2-bin", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2044.NASL", "href": "https://www.tenable.com/plugins/nessus/132344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2044-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132344);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-19906\");\n\n script_name(english:\"Debian DLA-2044-1 : cyrus-sasl2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"There has been an out-of-bounds write in Cyrus SASL leading to\nunauthenticated remote denial of service in OpenLDAP via a malformed\nLDAP packet. The OpenLDAP crash was ultimately caused by an off-by-one\nerror in _sasl_add_string in common.c in cyrus-sasl.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n2.1.26.dfsg1-13+deb8u2.\n\nWe recommend that you upgrade your cyrus-sasl2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/cyrus-sasl2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19906\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cyrus-sasl2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cyrus-sasl2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cyrus-sasl2-heimdal-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cyrus-sasl2-mit-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsasl2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsasl2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsasl2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsasl2-modules-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsasl2-modules-gssapi-heimdal\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libsasl2-modules-gssapi-mit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsasl2-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsasl2-modules-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsasl2-modules-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sasl2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"cyrus-sasl2-dbg\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cyrus-sasl2-doc\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cyrus-sasl2-heimdal-dbg\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cyrus-sasl2-mit-dbg\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-2\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-dev\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-modules\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-modules-db\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-modules-gssapi-heimdal\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-modules-gssapi-mit\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-modules-ldap\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-modules-otp\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsasl2-modules-sql\", 
reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"sasl2-bin\", reference:\"2.1.26.dfsg1-13+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:36", "description": "Security fix for CVE 2019 19906\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-06T00:00:00", "type": "nessus", "title": "Fedora 31 : cyrus-sasl (2020-bf829f9a84)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19906"], "modified": "2020-04-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cyrus-sasl", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-BF829F9A84.NASL", "href": "https://www.tenable.com/plugins/nessus/135214", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-bf829f9a84.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135214);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/08\");\n\n script_cve_id(\"CVE-2019-19906\");\n script_xref(name:\"FEDORA\", value:\"2020-bf829f9a84\");\n\n script_name(english:\"Fedora 31 : cyrus-sasl (2020-bf829f9a84)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE 2019 19906\n\nNote that Tenable Network Security 
has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf829f9a84\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cyrus-sasl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cyrus-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"cyrus-sasl-2.1.27-3.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cyrus-sasl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-05-15T16:52:50", "description": "MinGW Windows OpenEXR library. 
", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-16T03:40:01", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: mingw-OpenEXR-2.4.1-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-16T03:40:01", "id": "FEDORA:03034610C904", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-15T16:52:50", "description": "MinGW Windows ilmbase library. 
", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-16T03:40:00", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: mingw-ilmbase-2.4.1-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-16T03:40:00", "id": "FEDORA:9F70F610C901", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/23DHUGWLZZKNI7KCIMYAEI3JJS3TMI6X/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T15:26:38", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-07T01:09:26", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: webkit2gtk3-2.28.4-3.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-07T01:09:26", "id": "FEDORA:CBE8E30B452C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OUWSIKTH7SSMIRIJAIUN53IAW2P5BMTP/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:26:38", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-04T01:21:10", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: webkit2gtk3-2.28.4-3.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-04T01:21:10", "id": "FEDORA:A56F0309448D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SJH3GWTEC5YTRI3G5YELXZAFZQ66ZYOZ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-01T16:34:38", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: cyrus-sasl-2.1.27-4.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19906"], "modified": "2020-04-01T16:34:38", "id": "FEDORA:2FCE26076F64", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-04T03:22:19", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: cyrus-sasl-2.1.27-3.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19906"], "modified": "2020-04-04T03:22:19", "id": "FEDORA:248856062BF1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-12-03T17:33:22", "description": "The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. (CVE-2020-11758) An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. (CVE-2020-11759) An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. 
(CVE-2020-11760) An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761) An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. (CVE-2020-11762) An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763) An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764) An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. (CVE-2020-11765) \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-05T15:20:37", "type": "mageia", "title": "Updated openexr packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-05T15:20:37", "id": "MGASA-2020-0189", "href": "https://advisories.mageia.org/MGASA-2020-0189.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T17:33:22", "description": "Updated cyrus-sasl packages fix security vulnerability: Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the library (CVE-2019-19906). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-05T18:37:51", "type": "mageia", "title": "Updated cyrus-sasl packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19906"], "modified": "2020-01-05T18:37:51", "id": "MGASA-2020-0011", "href": "https://advisories.mageia.org/MGASA-2020-0011.html", "cvss": 
{"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-22T13:24:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-18T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for mingw-OpenEXR (FEDORA-2020-e244f22a51)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762"], "modified": "2020-05-20T00:00:00", "id": "OPENVAS:1361412562310877857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877857", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877857\");\n script_version(\"2020-05-20T02:28:18+0000\");\n script_cve_id(\"CVE-2020-11765\", \"CVE-2020-11764\", \"CVE-2020-11763\", \"CVE-2020-11762\", \"CVE-2020-11761\", \"CVE-2020-11760\", \"CVE-2020-11759\", \"CVE-2020-11758\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-20 02:28:18 +0000 (Wed, 20 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-18 03:24:19 +0000 (Mon, 18 May 2020)\");\n script_name(\"Fedora: Security Advisory for mingw-OpenEXR (FEDORA-2020-e244f22a51)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-e244f22a51\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-OpenEXR'\n package(s) announced via the FEDORA-2020-e244f22a51 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows OpenEXR library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-OpenEXR' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", 
value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-OpenEXR\", rpm:\"mingw-OpenEXR~2.4.1~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-22T13:26:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-18T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for mingw-ilmbase (FEDORA-2020-e244f22a51)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762"], "modified": "2020-05-20T00:00:00", "id": "OPENVAS:1361412562310877847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877847", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877847\");\n script_version(\"2020-05-20T02:28:18+0000\");\n script_cve_id(\"CVE-2020-11765\", \"CVE-2020-11764\", \"CVE-2020-11763\", \"CVE-2020-11762\", \"CVE-2020-11761\", \"CVE-2020-11760\", \"CVE-2020-11759\", \"CVE-2020-11758\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-20 02:28:18 +0000 (Wed, 20 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-18 03:24:01 +0000 (Mon, 18 May 2020)\");\n script_name(\"Fedora: Security Advisory for mingw-ilmbase (FEDORA-2020-e244f22a51)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-e244f22a51\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23DHUGWLZZKNI7KCIMYAEI3JJS3TMI6X\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-ilmbase'\n package(s) announced via the FEDORA-2020-e244f22a51 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows ilmbase library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-ilmbase' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", 
value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-ilmbase\", rpm:\"mingw-ilmbase~2.4.1~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-28T13:22:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openexr (openSUSE-SU-2020:0682-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11764", "CVE-2020-11762"], "modified": "2020-05-27T00:00:00", "id": "OPENVAS:1361412562310853164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853164", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853164\");\n script_version(\"2020-05-27T04:05:03+0000\");\n script_cve_id(\"CVE-2020-11758\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-27 04:05:03 +0000 (Wed, 27 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-23 03:00:42 +0000 (Sat, 23 May 2020)\");\n script_name(\"openSUSE: Security Advisory for openexr (openSUSE-SU-2020:0682-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0682-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openexr'\n package(s) announced via the openSUSE-SU-2020:0682-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openexr provides the following fix:\n\n Security issues fixed:\n\n - CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read\n function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n\n - 
CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp (bsc#1169574).\n\n - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated\n by ImfTileOffsets.cpp (bsc#1169576).\n\n - CVE-2020-11762: Fixed an out-of-bounds read and write in\n DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the\n UNKNOWN compression case (bsc#1169549).\n\n - CVE-2020-11761: Fixed an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder:refill in\n ImfFastHuf.cpp (bsc#1169578).\n\n - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in\n rleUncompress in ImfRle.cpp (bsc#1169580).\n\n - CVE-2020-11758: Fixed an out-of-bounds read in\n ImfOptimizedPixelReading.h (bsc#1169573).\n\n Non-security issue fixed:\n\n - Enable tests when building the package on x86_64. (bsc#1146648)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-682=1\");\n\n script_tag(name:\"affected\", value:\"'openexr' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImf-2_2-23\", rpm:\"libIlmImf-2_2-23~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImf-2_2-23-debuginfo\", 
rpm:\"libIlmImf-2_2-23-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImfUtil-2_2-23\", rpm:\"libIlmImfUtil-2_2-23~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImfUtil-2_2-23-debuginfo\", rpm:\"libIlmImfUtil-2_2-23-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr\", rpm:\"openexr~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr-debuginfo\", rpm:\"openexr-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr-debugsource\", rpm:\"openexr-debugsource~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr-devel\", rpm:\"openexr-devel~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr-doc\", rpm:\"openexr-doc~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImf-2_2-23-32bit\", rpm:\"libIlmImf-2_2-23-32bit~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImf-2_2-23-32bit-debuginfo\", rpm:\"libIlmImf-2_2-23-32bit-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImfUtil-2_2-23-32bit\", rpm:\"libIlmImfUtil-2_2-23-32bit~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImfUtil-2_2-23-32bit-debuginfo\", rpm:\"libIlmImfUtil-2_2-23-32bit-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-06T01:15:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-04-28T00:00:00", "type": "openvas", "title": "Ubuntu: Security Advisory for openexr (USN-4339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2020-11761", "CVE-2017-9115", "CVE-2020-11763", "CVE-2020-11765", "CVE-2018-18444", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762"], "modified": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562310844403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844403", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844403\");\n script_version(\"2020-04-30T08:51:29+0000\");\n script_cve_id(\"CVE-2017-9111\", \"CVE-2017-9113\", \"CVE-2017-9115\", \"CVE-2018-18444\", \"CVE-2020-11758\", \"CVE-2020-11759\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 08:51:29 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-28 03:00:15 +0000 (Tue, 28 Apr 2020)\");\n script_name(\"Ubuntu: Security Advisory for openexr (USN-4339-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4339-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-April/005402.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openexr'\n package(s) announced via the USN-4339-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Brandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. 
If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS.\n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 20.04 LTS.\n(CVE-2018-18444)\n\nSamuel Gro\u00df discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760,\nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service. 
(CVE-2020-11765)\");\n\n script_tag(name:\"affected\", value:\"'openexr' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libopenexr23\", ver:\"2.2.1-4.1ubuntu1.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openexr\", ver:\"2.2.1-4.1ubuntu1.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libopenexr22\", ver:\"2.2.0-11.1ubuntu1.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openexr\", ver:\"2.2.0-11.1ubuntu1.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libopenexr22\", ver:\"2.2.0-10ubuntu2.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openexr\", ver:\"2.2.0-10ubuntu2.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-15T14:50:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-04-03T00:00:00", "type": "openvas", 
"title": "Fedora: Security Advisory for cyrus-sasl (FEDORA-2020-51d591d035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19906"], "modified": "2020-04-07T00:00:00", "id": "OPENVAS:1361412562310877653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877653", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877653\");\n script_version(\"2020-04-07T12:33:10+0000\");\n script_cve_id(\"CVE-2019-19906\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-07 12:33:10 +0000 (Tue, 07 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-03 03:17:42 +0000 (Fri, 03 Apr 2020)\");\n script_name(\"Fedora: Security Advisory for cyrus-sasl (FEDORA-2020-51d591d035)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-51d591d035\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cyrus-sasl'\n package(s) announced via the FEDORA-2020-51d591d035 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The cyrus-sasl package contains the Cyrus implementation of SASL.\nSASL is the Simple Authentication and Security Layer, a method for\nadding authentication support to connection-based protocols.\");\n\n script_tag(name:\"affected\", value:\"'cyrus-sasl' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.27~4.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-30T16:43:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-29T00:00:00", "type": "openvas", "title": "Ubuntu: Security Advisory for cyrus-sasl2 (USN-4256-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2019-19906"], "modified": "2020-01-30T00:00:00", "id": "OPENVAS:1361412562310844313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844313", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844313\");\n script_version(\"2020-01-30T08:15:08+0000\");\n script_cve_id(\"CVE-2019-19906\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-30 08:15:08 +0000 (Thu, 30 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-29 04:00:17 +0000 (Wed, 29 Jan 2020)\");\n script_name(\"Ubuntu: Security Advisory for cyrus-sasl2 (USN-4256-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 
LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4256-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005298.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cyrus-sasl2'\n package(s) announced via the USN-4256-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Cyrus SASL incorrectly handled certain LDAP packets.\nAn attacker could possibly use this issue to execute arbitrary code or cause\na denial of service.\");\n\n script_tag(name:\"affected\", value:\"'cyrus-sasl2' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsasl2-2\", ver:\"2.1.27+dfsg-1ubuntu0.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsasl2-2\", ver:\"2.1.27~101-g0780600+dfsg-3ubuntu2.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsasl2-2\", ver:\"2.1.26.dfsg1-14ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12596", "CVE-2017-9110", "CVE-2017-9111", "CVE-2017-9112", "CVE-2017-9113", "CVE-2017-9114", "CVE-2017-9115", "CVE-2017-9116", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15305", "CVE-2020-15306"], "modified": "2020-08-30T19:36:12", "id": "DEBIAN:DLA-2358-1:F7DB9", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:11:06", "description": "Package : cyrus-sasl2\nVersion : 2.1.26.dfsg1-13+deb8u2\nCVE ID : CVE-2019-19906\nDebian Bug : 947043\n\n\nThere has been an out-of-bounds write in Cyrus SASL leading to\nunauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP\npacket. 
The OpenLDAP crash was ultimately caused by an off-by-one error\nin _sasl_add_string in common.c in cyrus-sasl.\n\nFor Debian 8 \"Jessie\", this problem has been fixed in version\n2.1.26.dfsg1-13+deb8u2.\n\nWe recommend that you upgrade your cyrus-sasl2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-20T14:38:49", "type": "debian", "title": "[SECURITY] [DLA 2044-1] cyrus-sasl2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19906"], "modified": "2019-12-20T14:38:49", "id": "DEBIAN:DLA-2044-1:26388", "href": "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-22T11:36:49", "description": "Package : cyrus-sasl2\nVersion : 2.1.26.dfsg1-13+deb8u2\nCVE ID : CVE-2019-19906\nDebian Bug : 947043\n\n\nThere has been an out-of-bounds write in Cyrus SASL leading to\nunauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP\npacket. The OpenLDAP crash was ultimately caused by an off-by-one error\nin _sasl_add_string in common.c in cyrus-sasl.\n\nFor Debian 8 \"Jessie\", this problem has been fixed in version\n2.1.26.dfsg1-13+deb8u2.\n\nWe recommend that you upgrade your cyrus-sasl2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-20T14:38:49", "type": "debian", "title": "[SECURITY] [DLA 2044-1] cyrus-sasl2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19906"], "modified": "2019-12-20T14:38:49", "id": "DEBIAN:DLA-2044-1:3FF98", "href": "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2023-12-03T17:34:57", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.28.4\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-31T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-07-31T00:00:00", "id": "GLSA-202007-61", "href": "https://security.gentoo.org/glsa/202007-61", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:34:32", "description": "### Background\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenEXR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-07-11T00:00:00", "type": "gentoo", "title": "OpenEXR: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15304", "CVE-2020-15305", "CVE-2020-15306", "CVE-2021-20296", "CVE-2021-3474", "CVE-2021-3475", "CVE-2021-3476", "CVE-2021-3477", "CVE-2021-3478", "CVE-2021-3479"], "modified": "2021-07-11T00:00:00", "id": "GLSA-202107-27", "href": "https://security.gentoo.org/glsa/202107-27", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-12-03T20:18:55", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nA large number of security issues were discovered in the WebKitGTK Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-03T00:00:00", "type": "ubuntu", "title": "WebKitGTK vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-03T00:00:00", "id": "USN-4444-1", "href": "https://ubuntu.com/security/notices/USN-4444-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T20:50:00", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 19.10 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * openexr \\- tools for the OpenEXR image format\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed \nEXR image files. If a user were tricked into opening a crafted EXR image \nfile, a remote attacker could cause a denial of service, or possibly \nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR \nimage files. If a user were tricked into opening a crafted EXR image file, \na remote attacker could cause a denial of service, or possibly execute \narbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2018-18444)\n\nSamuel Gro\u00df discovered that OpenEXR incorrectly handled certain malformed \nEXR image files. If a user were tricked into opening a crafted EXR image \nfile, a remote attacker could cause a denial of service, or possibly \nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, \nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR \nimage files. If a user were tricked into opening a crafted EXR image \nfile, a remote attacker could cause a denial of service. 
(CVE-2020-11765)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-27T00:00:00", "type": "ubuntu", "title": "OpenEXR vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2017-9115", "CVE-2018-18444", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-04-27T00:00:00", "id": "USN-4339-1", "href": "https://ubuntu.com/security/notices/USN-4339-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:19:11", "description": "\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\n\n* [CVE-2020-9862](https://security-tracker.debian.org/tracker/CVE-2020-9862)\nOphir Lojkine discovered that copying a URL from the Web Inspector\n may lead to command injection.\n* [CVE-2020-9893](https://security-tracker.debian.org/tracker/CVE-2020-9893)\n0011 discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n* 
[CVE-2020-9894](https://security-tracker.debian.org/tracker/CVE-2020-9894)\n0011 discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n* [CVE-2020-9895](https://security-tracker.debian.org/tracker/CVE-2020-9895)\nWen Xu discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n* [CVE-2020-9915](https://security-tracker.debian.org/tracker/CVE-2020-9915)\nAyoub Ait Elmokhtar discovered that processing maliciously crafted\n web content may prevent Content Security Policy from being\n enforced.\n* [CVE-2020-9925](https://security-tracker.debian.org/tracker/CVE-2020-9925)\nAn anonymous researcher discovered that processing maliciously\n crafted web content may lead to universal cross site scripting.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.4-1~deb10u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/webkit2gtk](https://security-tracker.debian.org/tracker/webkit2gtk)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-03T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9952", "CVE-2020-9894", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9893", "CVE-2020-9915"], "modified": "2022-08-10T07:19:05", "id": "OSV:DSA-4739-1", "href": "https://osv.dev/vulnerability/DSA-4739-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:07:07", "description": "\nMultiple security issues were found in the OpenEXR image library, which\ncould result in denial of service and potentially the execution of\narbitrary code when processing malformed EXR image files.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1.\n\n\nWe recommend that you upgrade your openexr packages.\n\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/openexr](https://security-tracker.debian.org/tracker/openexr)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-08-29T00:00:00", "type": "osv", "title": "openexr - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2020-11761", "CVE-2017-9115", "CVE-2020-11763", "CVE-2020-11765", "CVE-2018-18444", "CVE-2020-15305", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762", "CVE-2020-15306"], "modified": "2022-08-10T07:07:03", "id": "OSV:DSA-4755-1", "href": "https://osv.dev/vulnerability/DSA-4755-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:55", "description": "\nMultiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.2.0-11+deb9u1.\n\n\nWe recommend that you upgrade your openexr packages.\n\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/openexr>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-08-30T00:00:00", "type": "osv", "title": "openexr - security update", "bulletinFamily": "software", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9111", "CVE-2017-9112", "CVE-2017-9113", "CVE-2020-11761", "CVE-2017-9110", "CVE-2017-12596", "CVE-2017-9115", "CVE-2020-11763", "CVE-2020-11765", "CVE-2018-18444", "CVE-2020-15305", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762", "CVE-2017-9114", "CVE-2017-9116", "CVE-2020-15306"], "modified": "2022-08-05T05:18:52", "id": "OSV:DLA-2358-1", "href": "https://osv.dev/vulnerability/DLA-2358-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:15:26", "description": "\nStephan Zeisberg reported an out-of-bounds write vulnerability in the\n\\_sasl\\_add\\_string() function in cyrus-sasl2, a library implementing the\nSimple Authentication and Security Layer. 
A remote attacker can take\nadvantage of this issue to cause denial-of-service conditions for\napplications using the library.\n\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.1.27~101-g0780600+dfsg-3+deb9u1.\n\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.1.27+dfsg-1+deb10u1.\n\n\nWe recommend that you upgrade your cyrus-sasl2 packages.\n\n\nFor the detailed security status of cyrus-sasl2 please refer to its\nsecurity tracker page at:\n<https://security-tracker.debian.org/tracker/cyrus-sasl2>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-20T00:00:00", "type": "osv", "title": "cyrus-sasl2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19906"], "modified": "2022-08-10T07:15:12", "id": "OSV:DSA-4591-1", "href": "https://osv.dev/vulnerability/DSA-4591-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2023-12-03T17:16:55", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical 
Ubuntu 18.04\n\n## Description\n\nBrandon Perry discovered that OpenEXR incorrec