DATABASE RESOURCES PRICING ABOUT US

{"id": "APPLE:9AAA600C4496E1F352EC9F07A8BDC39B", "vendorId": null, "type": "apple", "bulletinFamily": "software", "title": "About the security content of macOS Big Sur 11.0.1", "description": "# About the security content of macOS Big Sur 11.0.1\n\nThis document describes the security content of macOS Big Sur 11.0.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.0.1\n\nReleased November 12, 2020\n\n**AMD**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27914: Yu Wang of Didi Research America\n\nCVE-2020-27915: Yu Wang of Didi Research America\n\nEntry added December 14, 2020\n\n**App Store**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\n**Bluetooth**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected application termination or heap corruption\n\nDescription: Multiple integer overflows were addressed with improved input validation.\n\nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab\n\n**CFNetwork Cache**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team\n\nEntry added March 16, 2021\n\n**CoreAudio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27908: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**CoreAudio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreCapture**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\n**CoreGraphics**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted PDF may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-9897: S.Y. of ZecOps Mobile XDR, an anonymous researcher\n\nEntry added October 25, 2021\n\n**CoreGraphics**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\n**Crash Reporter**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**CoreText**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\nEntry added December 14, 2020\n\n**CoreText**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry updated December 14, 2020\n\n**Directory Utility**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to access private information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27937: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added March 16, 2021\n\n**Disk Images**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\n**Finder**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Users may be unable to remove metadata indicating where files were downloaded from\n\nDescription: The issue was addressed with additional user controls.\n\nCVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs\n\nEntry added May 25, 2022\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added October 25, 2021\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29629: an anonymous researcher\n\nEntry added October 25, 2021\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27942: an anonymous researcher\n\nEntry added October 25, 2021\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-29639: Mickey Jin &amp; Qi Sun of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added July 21, 2021\n\n**Foundation**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**HomeKit**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\nEntry updated December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**Intel Graphics Driver**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington\n\nEntry added December 14, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative, Liu Long of Ant Security Light-Year Lab\n\nEntry added December 14, 2020, updated March 16, 2021\n\n**Image Processing**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-27921: Linus Henze (pinauten.de)\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**libxml2**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\nCVE-2020-27920: found by OSS-Fuzz\n\nEntry updated December 14, 2020\n\n**libxml2**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxpc**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 14, 2020\n\n**libxpc**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Logging**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Mail**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\n**Messages**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9988: William Breuer of the Netherlands\n\nCVE-2020-9989: von Brunn Media\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\n\nEntry added December 14, 2020\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**NetworkExtension**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro\n\n**NSRemoteView**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-27901: Thijs Alkemade of Computest Research Division\n\nEntry added December 14, 2020\n\n**NSRemoteView**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to preview files it does not have access to\n\nDescription: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic.\n\nCVE-2020-27900: Thijs Alkemade of Computest Research Division\n\n**PCRE**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.44.\n\nCVE-2019-20838\n\nCVE-2020-14155\n\n**Power Management**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative\n\n**python**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27896: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious app may be able to determine the existence of files on the computer\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Quick Look**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted document may lead to a cross site scripting attack\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)\n\nEntry updated March 16, 2021\n\n**Ruby**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-27896: an anonymous researcher\n\n**Ruby**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-10663: Jeremy Evans\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2020-9945: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine a user's open tabs in Safari\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2020-9977: Josh Parnham (@joshparnham)\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An inconsistent user interface issue was addressed with improved state management\n\nDescription: Visiting a malicious website may lead to address bar spoofing.\n\nCVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel\n\nEntry added July 21, 2021\n\n**Sandbox**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local application may be able to enumerate the user's iCloud documents\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2021-1803: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added March 16, 2021\n\n**Sandbox**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\n**Screen Sharing**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A user with screen sharing access may be able to view another user's screen\n\nDescription: An issue existed in screen sharing. This issue was addressed with improved state management.\n\nCVE-2020-27893: pcsgomes\n\nEntry added March 16, 2021\n\n**Siri**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A person with physical access to an iOS device may be able to access contacts from the lock screen\n\nDescription: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.\n\nCVE-2021-1755: Yuval Ron, Amichai Shulman, and Eli Biham of Technion - Israel Institute of Technology\n\nEntry added March 16, 2021\n\n**smbx**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker in a privileged network position may be able to perform denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2020-10005: Apple\n\nEntry added October 25, 2021\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9991\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed with improved checks.\n\nCVE-2020-15358\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\n**Symptom Framework**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 14, 2020\n\n**System Preferences**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10009: Thijs Alkemade of Computest Research Division\n\n**TCC**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application with root privileges may be able to access private information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-10008: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added December 14, 2020\n\n**WebKit**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: Liu Long of Ant Security Light-Year Lab\n\nEntry updated December 14, 2020\n\n**WebKit**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A use after free issue was addressed with improved memory management\n\nDescription: Processing maliciously crafted web content may lead to arbitrary code execution.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nEntry added July 21, 2021\n\n**Wi-Fi**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker may be able to bypass Managed Frame Protection\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2020-27898: Stephan Marais of University of Johannesburg\n\n**XNU**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 17, 2020\n\n**Xsan**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-10006: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 14, 2020\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab, Marc Schoenefeld Dr. rer. nat. for their assistance.\n\nEntry updated March 16, 2021\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\nEntry updated December 14, 2020\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 14, 2020\n\n**Directory Utility**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\n**libxml2**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added December 14, 2020\n\n**Login Window**\n\nWe would like to acknowledge Rob Morton of Leidos for their assistance.\n\nEntry added March 16, 2021\n\n**Login Window**\n\nWe would like to acknowledge Rob Morton of Leidos for their assistance.\n\n**Photos Storage**\n\nWe would like to acknowledge Paulos Yibelo of LimeHats for their assistance.\n\n**Quick Look**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Regu\u0142a of SecuRing (wojciechregula.blog) for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Gabriel Corona and Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.\n\n**Security**\n\nWe would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.\n\n**System Preferences**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\nEntry added March 16, 2021\n\n**System Preferences**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\n**WebKit**\n\nMaximilian Blochberger of the Security in Distributed Systems Group of University of Hamburg\n\nEntry added May 25, 2022\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 25, 2022\n", "published": "2020-11-12T00:00:00", "modified": "2020-11-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://support.apple.com/kb/HT211931", "reporter": "Apple", "references": ["https://support.apple.com/en-us/HT201222"], "cvelist": ["CVE-2019-14899", "CVE-2019-20838", "CVE-2020-10002", "CVE-2020-10003", "CVE-2020-10004", "CVE-2020-10005", "CVE-2020-10006", "CVE-2020-10007", "CVE-2020-10008", "CVE-2020-10009", "CVE-2020-10010", "CVE-2020-10011", "CVE-2020-10012", "CVE-2020-10014", "CVE-2020-10015", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-10663", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13524", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-14155", "CVE-2020-15358", "CVE-2020-27893", "CVE-2020-27894", "CVE-2020-27896", "CVE-2020-27897", "CVE-2020-27898", "CVE-2020-27899", "CVE-2020-27900", "CVE-2020-27901", "CVE-2020-27903", "CVE-2020-27904", "CVE-2020-27906", "CVE-2020-27907", "CVE-2020-27908", "CVE-2020-27909", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27914", "CVE-2020-27915", "CVE-2020-27916", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-27919", "CVE-2020-27920", "CVE-2020-27921", "CVE-2020-27922", "CVE-2020-27923", "CVE-2020-27924", "CVE-2020-27927", "CVE-2020-27930", "CVE-2020-27931", "CVE-2020-27932", "CVE-2020-27935", "CVE-2020-27937", "CVE-2020-27942", "CVE-2020-27945", "CVE-2020-27950", "CVE-2020-27952", "CVE-2020-29629", "CVE-2020-29639", "CVE-2020-9849", "CVE-2020-9876", "CVE-2020-9883", "CVE-2020-9897", "CVE-2020-9941", "CVE-2020-9942", "CVE-2020-9943", "CVE-2020-9944", "CVE-2020-9945", "CVE-2020-9947", "CVE-2020-9949", "CVE-2020-9950", "CVE-2020-9955", "CVE-2020-9956", "CVE-2020-9960", "CVE-2020-9962", "CVE-2020-9963", "CVE-2020-9965", "CVE-2020-9966", "CVE-2020-9967", "CVE-2020-9969", "CVE-2020-9971", "CVE-2020-9974", "CVE-2020-9975", "CVE-2020-9977", "CVE-2020-9978", "CVE-2020-9987", "CVE-2020-9988", "CVE-2020-9989", "CVE-2020-9991", "CVE-2020-9996", "CVE-2020-9999", "CVE-2021-1755", "CVE-2021-1775", "CVE-2021-1790", "CVE-2021-1803"], "immutableFields": [], "lastseen": "2022-10-21T20:54:56", "viewCount": 0, "enchantments": {"affected_software": {"major_version": [{"name": "macos big sur", "version": 11}]}, "affected_software_major_version": [{"name": "macos big sur", "version": 11}], "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4442", "ALSA-2021:1581", "ALSA-2021:1968", "ALSA-2021:2587", "ALSA-2021:2588", "ALSA-2021:4373", "ALSA-2021:4381", "ALSA-2021:4396"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-13434", "ALPINE:CVE-2020-13435", "ALPINE:CVE-2020-13630", "ALPINE:CVE-2020-13631", "ALPINE:CVE-2020-15358"]}, {"type": "amazon", "idList": ["ALAS-2020-1416", "ALAS-2020-1422", "ALAS-2020-1423", "ALAS-2020-1426", "ALAS2-2021-1641"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-10-01"]}, {"type": "apple", "idList": ["APPLE:01EDA5CA5DA6F306F4C7CED2B3B4E329", "APPLE:05670E6C3D9F61F84F0D90D38C0910EC", "APPLE:0B6DF5CC92E6D0376210E301EBDB5732", "APPLE:0E1C386A7EBAE50F1A16EBD5FB86ED98", "APPLE:124F71A1E3856ED62AD0750B3590A96A", "APPLE:2B6F011ECD9EFE0F4D0983E7E6A91A15", "APPLE:362DE2664179C21B7B8FFF788120813E", "APPLE:3D7765FAAA5588336144E1B60D0B775E", "APPLE:434D01996DC8D47CF3A8A44E5D5FFFCA", "APPLE:47A6F4E1660238E39625B31A34F6CDF1", "APPLE:4CDA87B47F793E07ABCA7B9C9345521B", "APPLE:4D5F1F61CE90A350592B0D1EC1E9BD34", "APPLE:4EFA0D2FA6B1CE4BAB5F166BABB28BCC", "APPLE:524576436C5FDCCC5080CD76C6051F20", "APPLE:567F6B2E8EBD214D591678E8B0D79941", "APPLE:69486846F4E103257D8EDC36AB4251D2", "APPLE:6DF980035FA5B0EF863730813EC6725A", "APPLE:717EB24E41379638A244FDCE287538E6", "APPLE:76759F30E38205B816379E57C5E5C4C3", "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "APPLE:914AF8F52D4AB5DC92631271089CEE87", "APPLE:93614336BB03BEDDCA6E5681D8831D84", "APPLE:AA62A80C9E6F6992009BCCB45F9D570E", "APPLE:AE8E099C0BC7303FCBA838425C3EC32B", "APPLE:B42E67860AD9D9F5B9307A29A1189DF0", "APPLE:B61E4B61B5310615293FA7FAB3B993B7", "APPLE:BEC13883FC65A6FD008F312DB93C0A36", "APPLE:BF1622028DAB7FB7B0D91852357DB961", "APPLE:CD0AC1EBDB43CD4B1114F86ED71FAC48", "APPLE:E9C90A2600A9DE3614B923070AEC31B1", "APPLE:F2C4B9BCC0D3B8A4A2B36DA93D4E1980", "APPLE:F7DADB3E958148A6B63512580383CEA2", "APPLE:HT211288", "APPLE:HT211289", "APPLE:HT211290", "APPLE:HT211291", "APPLE:HT211292", "APPLE:HT211293", "APPLE:HT211294", "APPLE:HT211295", "APPLE:HT211843", "APPLE:HT211844", "APPLE:HT211845", "APPLE:HT211846", "APPLE:HT211847", "APPLE:HT211849", "APPLE:HT211850", "APPLE:HT211928", "APPLE:HT211929", "APPLE:HT211930", "APPLE:HT211931", "APPLE:HT211933", "APPLE:HT211934", "APPLE:HT211935", "APPLE:HT211940", "APPLE:HT211944", "APPLE:HT211945", "APPLE:HT211946", "APPLE:HT211947", "APPLE:HT211952", "APPLE:HT212011", "APPLE:HT212147"]}, {"type": "archlinux", "idList": ["ASA-202103-24", "ASA-202103-25"]}, {"type": "attackerkb", "idList": ["AKB:2DD5889D-6CD6-49F9-9A61-8707EA3DB9C1", "AKB:D136149E-293E-4305-8D53-92799185338C", "AKB:E0DE0B7B-1C3C-42CF-A5C7-E3B3D22CF85D"]}, {"type": "checkpoint_security", "idList": ["CPS:SK164019"]}, {"type": "chrome", "idList": ["GCSA-2509954079155194578"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2020-27930", "CISA-KEV-CVE-2020-27932", "CISA-KEV-CVE-2020-27950"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C51D5E136965C2018AA261ADFD5CD91D", "CFOUNDRY:FAA30968EB5FC787D7DD15251E2F2C77", "CFOUNDRY:FF4932B5C8F02BCDD5166E1468967F16"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1665428177"]}, {"type": "cve", "idList": ["CVE-2019-14899", "CVE-2019-20838", "CVE-2020-10002", "CVE-2020-10003", "CVE-2020-10004", "CVE-2020-10005", "CVE-2020-10006", "CVE-2020-10007", "CVE-2020-10008", "CVE-2020-10009", "CVE-2020-10010", "CVE-2020-10011", "CVE-2020-10012", "CVE-2020-10014", "CVE-2020-10015", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-10663", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13524", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-14155", "CVE-2020-15358", "CVE-2020-27893", "CVE-2020-27894", "CVE-2020-27896", "CVE-2020-27897", "CVE-2020-27898", "CVE-2020-27899", "CVE-2020-27900", "CVE-2020-27901", "CVE-2020-27903", "CVE-2020-27904", "CVE-2020-27906", "CVE-2020-27907", "CVE-2020-27908", "CVE-2020-27909", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27914", "CVE-2020-27915", "CVE-2020-27916", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-27919", "CVE-2020-27920", "CVE-2020-27921", "CVE-2020-27922", "CVE-2020-27923", "CVE-2020-27924", "CVE-2020-27927", "CVE-2020-27930", "CVE-2020-27931", "CVE-2020-27932", "CVE-2020-27935", "CVE-2020-27937", "CVE-2020-27942", "CVE-2020-27945", "CVE-2020-27950", "CVE-2020-27952", "CVE-2020-29629", "CVE-2020-29639", "CVE-2020-9849", "CVE-2020-9876", "CVE-2020-9883", "CVE-2020-9897", "CVE-2020-9941", "CVE-2020-9942", "CVE-2020-9943", "CVE-2020-9944", "CVE-2020-9945", "CVE-2020-9947", "CVE-2020-9949", "CVE-2020-9950", "CVE-2020-9955", "CVE-2020-9956", "CVE-2020-9960", "CVE-2020-9962", "CVE-2020-9963", "CVE-2020-9965", "CVE-2020-9966", "CVE-2020-9967", "CVE-2020-9969", "CVE-2020-9971", "CVE-2020-9974", "CVE-2020-9975", "CVE-2020-9977", "CVE-2020-9978", "CVE-2020-9987", "CVE-2020-9988", "CVE-2020-9989", "CVE-2020-9991", "CVE-2020-9996", "CVE-2020-9999", "CVE-2021-1755", "CVE-2021-1775", "CVE-2021-1790", "CVE-2021-1803"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2190-1:22FB1", "DEBIAN:DLA-2190-1:342CE", "DEBIAN:DLA-2192-1:E4FCE", "DEBIAN:DLA-2192-1:FD86A", "DEBIAN:DLA-2221-1:3C6AD", "DEBIAN:DLA-2221-1:DCC99", "DEBIAN:DLA-2340-1:34DF9", "DEBIAN:DSA-4721-1:85B0A", "DEBIAN:DSA-4721-1:BB086", "DEBIAN:DSA-4877-1:61845", "DEBIAN:DSA-4877-1:95C13"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-20838", "DEBIANCVE:CVE-2020-10663", "DEBIANCVE:CVE-2020-13434", "DEBIANCVE:CVE-2020-13435", "DEBIANCVE:CVE-2020-13630", "DEBIANCVE:CVE-2020-13631", "DEBIANCVE:CVE-2020-14155", "DEBIANCVE:CVE-2020-15358", "DEBIANCVE:CVE-2020-27918", "DEBIANCVE:CVE-2020-9947"]}, {"type": "f5", "idList": ["F5:K02219239", "F5:K11155549"]}, {"type": "fedora", "idList": ["FEDORA:049BD604E7C5", "FEDORA:08C6260AAEC8", "FEDORA:40E0330A072B", "FEDORA:7E63530C02C9", "FEDORA:997C53060987", "FEDORA:A680A60877B2", "FEDORA:C3ED760C452F"]}, {"type": "freebsd", "idList": ["0A305431-BC98-11EA-A051-001B217B3468", "40194E1C-6D89-11EA-8082-80EE73419AF3", "C4AC9C79-AB37-11EA-8B5E-B42E99A1B9C3"]}, {"type": "gentoo", "idList": ["GLSA-202007-26", "GLSA-202104-03"]}, {"type": "github", "idList": ["GHSA-JPHG-QWRW-7W9G"]}, {"type": "githubexploit", "idList": ["29D81BD3-4876-5AE2-A189-A5E13E62CB04", "959B72B8-E40F-5FB7-BC9F-321AF7B232A3", "A7B3D8A2-6024-5329-87C3-9277F989B6A4", "EF070693-8057-5F11-B8E8-0FBE9FEEE35D"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:7659E73B419D190E6DA39B1523454604", "GOOGLEPROJECTZERO:A596034F451F58030932B2FC46FB6F38", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "ibm", "idList": ["20253899F502FDF9B48857A95C7DD8AE785940A7D1A6A2E66760804009268FA3", "281139F30DBD8FF3981EC6F46CCC25F3D1AB2B503A0460D13A7677E2BA52ED5F", "49B51E8647F7A4F0DC547625ABFE8CEDFE5DD4CC415227136048AF28A525CEE4", "58ED30D428A984C724173FE0D7B9F5728CB2116FBB12CF0CA485901C18039F85", "6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "6DFE02E47206439339CF69003DED7C6A339BE8A9FDA6611EA300ACF64BDB9DD1", "74F2A94336E51B0E3062906A1A2B7FB8CDE35DFD901789C840E3CE1DA62E9EF6", "7E48E83AB3B599D048D884D2F2A9C830676F7F8EE7EFC2B799BFE4618D5E9A2F", "976991E08934E137D1B209E3B8F16F97B934322894053709C5863ECE2EB03B78", "97CF7C515357F1AFFF5BDC937895F029179A2F0A599F6865A2F4BA81F8C07371", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "A2E923A551C0F36BAC84848E053A3A93F2AC1141EB9D1739FE1D48A6684F5352", "AB7E82CD356AAA55900FFB785ECCA647E2DE687F0BE610FBC448CF5A139EB4CF", "BC0916015C108037BE6EEE58D101EE5DE12F752A3F9BF433C3D352C6406B3C0E", "BDFA432EA62E6EFDD1DA5F84B4EE926C27FCF1125443F9D0EC5005B0FEE74C89", "C782E28D921E60ACB8E9DA8D4E896C767C63812207127F74F0A2911E51EF5864", "CCE2284A1DEFC26817EC9BCCD38DA7A3854365480FF9426304A46C0C98F30195", "D0B31273B5CAE7971F9FBEBC2F13E62ED0E72188BCE9AE7F9E483C591E4A9F50", "D288D5ADF67DE9C3743BE8316D7F496F7CA64A396C1E8E9019178232D17AF15D", "DABA54C910D787AA9C35B75D7ABCC7D92583CC7B7E08D8777DA37589A3BB056B", "E266F803E71C486543CF623D66DDFA40AA2C4AEB0C15F49A79A5600D3D37709B", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "FABB94D4F22FE933341A4AC48321DD3E7433EB12024376434818EBEED312A6EB"]}, {"type": "ics", "idList": ["ICSA-22-069-09"]}, {"type": "kaspersky", "idList": ["KLA11926", "KLA11965", "KLA12006", "KLA12007", "KLA12008", "KLA12017"]}, {"type": "mageia", "idList": ["MGASA-2020-0186", "MGASA-2021-0181", "MGASA-2021-0303"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:03A8A13A14597942B62E89C732F431DE", "MALWAREBYTES:F71AD5CDA6C45C0B5692B8D33BFC95C5"]}, {"type": "mmpc", "idList": ["MMPC:103E36516D8F01093A2395B683168A00"]}, {"type": "mssecure", "idList": ["MSSECURE:103E36516D8F01093A2395B683168A00"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1641.NASL", "ALA_ALAS-2020-1416.NASL", "ALA_ALAS-2020-1422.NASL", "ALA_ALAS-2020-1423.NASL", "ALA_ALAS-2020-1426.NASL", "ALMA_LINUX_ALSA-2020-4442.NASL", "ALMA_LINUX_ALSA-2021-1581.NASL", "ALMA_LINUX_ALSA-2021-1968.NASL", "ALMA_LINUX_ALSA-2021-4373.NASL", "ALMA_LINUX_ALSA-2021-4381.NASL", "ALMA_LINUX_ALSA-2021-4396.NASL", "APPLETV_14_2.NASL", "APPLE_IOS_1249_CHECK.NBIN", "APPLE_IOS_136_CHECK.NBIN", "APPLE_IOS_142_CHECK.NBIN", "CENTOS8_RHSA-2020-2462.NASL", "CENTOS8_RHSA-2020-4442.NASL", "CENTOS8_RHSA-2021-1581.NASL", "CENTOS8_RHSA-2021-1968.NASL", "CENTOS8_RHSA-2021-2587.NASL", "CENTOS8_RHSA-2021-2588.NASL", "CENTOS8_RHSA-2021-4373.NASL", "CENTOS8_RHSA-2021-4381.NASL", "CENTOS8_RHSA-2021-4396.NASL", "DEBIAN_DLA-2190.NASL", "DEBIAN_DLA-2192.NASL", "DEBIAN_DLA-2221.NASL", "DEBIAN_DSA-4721.NASL", "DEBIAN_DSA-4877.NASL", "EULEROS_SA-2020-1590.NASL", "EULEROS_SA-2020-1615.NASL", "EULEROS_SA-2020-1686.NASL", "EULEROS_SA-2020-1691.NASL", "EULEROS_SA-2020-1693.NASL", "EULEROS_SA-2020-1717.NASL", "EULEROS_SA-2020-1819.NASL", "EULEROS_SA-2020-1827.NASL", "EULEROS_SA-2020-1896.NASL", "EULEROS_SA-2020-1908.NASL", "EULEROS_SA-2020-1930.NASL", "EULEROS_SA-2020-1942.NASL", "EULEROS_SA-2020-1950.NASL", "EULEROS_SA-2020-1955.NASL", "EULEROS_SA-2020-1987.NASL", "EULEROS_SA-2020-2059.NASL", "EULEROS_SA-2020-2088.NASL", "EULEROS_SA-2020-2139.NASL", "EULEROS_SA-2020-2379.NASL", "EULEROS_SA-2020-2398.NASL", "EULEROS_SA-2020-2453.NASL", "EULEROS_SA-2020-2458.NASL", "EULEROS_SA-2021-1626.NASL", "EULEROS_SA-2021-2156.NASL", "EULEROS_SA-2021-2169.NASL", "FEDORA_2020-0477F8840E.NASL", "FEDORA_2020-26DF92331A.NASL", "FEDORA_2020-A95706B117.NASL", "FEDORA_2020-D171BF636D.NASL", "FEDORA_2021-619711D709.NASL", "FEDORA_2021-864DC37032.NASL", "FREEBSD_PKG_0A305431BC9811EAA051001B217B3468.NASL", "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL", "FREEBSD_PKG_C4AC9C79AB3711EA8B5EB42E99A1B9C3.NASL", "GENTOO_GLSA-202007-26.NASL", "GENTOO_GLSA-202104-03.NASL", "JUNIPER_JSA69705.NASL", "MACOS_HT211289.NASL", "MACOS_HT211849.NASL", "MACOS_HT211931.NASL", "MACOS_HT211946.NASL", "MACOS_HT212011.NASL", "MACOS_HT212147.NASL", "MACOS_HT212326.NASL", "MACOS_HT212327.NASL", "NEWSTART_CGSL_NS-SA-2021-0064_SQLITE.NASL", "NEWSTART_CGSL_NS-SA-2022-0052_SQLITE.NASL", "OPENSUSE-2020-586.NASL", "OPENSUSE-2021-1058.NASL", "OPENSUSE-2021-1130.NASL", "OPENSUSE-2021-1441.NASL", "OPENSUSE-2021-2320.NASL", "OPENSUSE-2021-2575.NASL", "OPENSUSE-2021-2637.NASL", "OPENSUSE-2021-2795.NASL", "OPENSUSE-2021-3529.NASL", "OPENSUSE-2021-637.NASL", "OPENSUSE-2022-0182-1.NASL", "ORACLELINUX_ELSA-2020-4442.NASL", "ORACLELINUX_ELSA-2021-1581.NASL", "ORACLELINUX_ELSA-2021-2587.NASL", "ORACLELINUX_ELSA-2021-2588.NASL", "ORACLELINUX_ELSA-2021-4373.NASL", "ORACLELINUX_ELSA-2021-4381.NASL", "ORACLELINUX_ELSA-2021-4396.NASL", "PHOTONOS_PHSA-2020-1_0-0294_RUBY.NASL", "PHOTONOS_PHSA-2020-1_0-0298_SQLITE.NASL", "PHOTONOS_PHSA-2020-1_0-0308_SQLITE.NASL", "PHOTONOS_PHSA-2020-2_0-0249_SQLITE.NASL", "PHOTONOS_PHSA-2020-2_0-0256_PCRE.NASL", "PHOTONOS_PHSA-2020-2_0-0261_SQLITE.NASL", "PHOTONOS_PHSA-2020-3_0-0089_RUBY.NASL", "PHOTONOS_PHSA-2020-3_0-0101_SQLITE.NASL", "PHOTONOS_PHSA-2020-3_0-0108_PCRE.NASL", "PHOTONOS_PHSA-2020-3_0-0113_SQLITE.NASL", "PHOTONOS_PHSA-2021-4_0-0007_MYSQL.NASL", "REDHAT-RHSA-2020-2462.NASL", "REDHAT-RHSA-2020-2473.NASL", "REDHAT-RHSA-2020-2670.NASL", "REDHAT-RHSA-2020-4442.NASL", "REDHAT-RHSA-2021-1581.NASL", "REDHAT-RHSA-2021-1968.NASL", "REDHAT-RHSA-2021-2104.NASL", "REDHAT-RHSA-2021-2230.NASL", "REDHAT-RHSA-2021-2587.NASL", "REDHAT-RHSA-2021-2588.NASL", "REDHAT-RHSA-2021-4373.NASL", "REDHAT-RHSA-2021-4381.NASL", "REDHAT-RHSA-2021-4396.NASL", "REDHAT-RHSA-2021-4614.NASL", "REDHAT-RHSA-2022-0581.NASL", "REDHAT-RHSA-2022-0582.NASL", "ROCKY_LINUX_RLSA-2020-2462.NASL", "ROCKY_LINUX_RLSA-2021-2587.NASL", "ROCKY_LINUX_RLSA-2021-2588.NASL", "SECURITYCENTER_5_19_0_TNS_2021_08.NASL", "SECURITYCENTER_5_19_0_TNS_2021_14.NASL", "SUSE_SU-2020-0995-1.NASL", "SUSE_SU-2020-1570-1.NASL", "SUSE_SU-2021-1430-1.NASL", "SUSE_SU-2021-1499-1.NASL", "SUSE_SU-2021-1990-1.NASL", "SUSE_SU-2021-2320-1.NASL", "SUSE_SU-2021-2564-1.NASL", "SUSE_SU-2021-2636-1.NASL", "SUSE_SU-2021-2637-1.NASL", "SUSE_SU-2021-2638-1.NASL", "SUSE_SU-2021-2795-1.NASL", "SUSE_SU-2021-3215-1.NASL", "SUSE_SU-2021-3529-1.NASL", "SUSE_SU-2021-3652-1.NASL", "SUSE_SU-2022-0142-1.NASL", "SUSE_SU-2022-0182-1.NASL", "SUSE_SU-2022-0182-2.NASL", "SUSE_SU-2022-0183-1.NASL", "UBUNTU_USN-4394-1.NASL", "UBUNTU_USN-4438-1.NASL", "UBUNTU_USN-4882-1.NASL", "UBUNTU_USN-4894-1.NASL", "UBUNTU_USN-5425-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704721", "OPENVAS:1361412562310844467", "OPENVAS:1361412562310853135", "OPENVAS:1361412562310877782", "OPENVAS:1361412562310877787", "OPENVAS:1361412562310877892", "OPENVAS:1361412562310877945", "OPENVAS:1361412562310892190", "OPENVAS:1361412562310892192", "OPENVAS:1361412562310892221", "OPENVAS:1361412562311220201590", "OPENVAS:1361412562311220201615", "OPENVAS:1361412562311220201686", "OPENVAS:1361412562311220201691", "OPENVAS:1361412562311220201693", "OPENVAS:1361412562311220201717"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJAN2021", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4442", "ELSA-2020-5724", "ELSA-2021-1581", "ELSA-2021-2587", "ELSA-2021-2588", "ELSA-2021-4373", "ELSA-2021-4381", "ELSA-2021-4396"]}, {"type": "osv", "idList": ["OSV:ASB-A-192605364", "OSV:DLA-2190-1", "OSV:DLA-2192-1", "OSV:DLA-2221-1", "OSV:DLA-2340-1", "OSV:DLA-2340-2", "OSV:DSA-4721-1", "OSV:DSA-4797-1", "OSV:DSA-4877-1", "OSV:GHSA-JPHG-QWRW-7W9G"]}, {"type": "photon", "idList": ["PHSA-2020-0089", "PHSA-2020-0101", "PHSA-2020-0108", "PHSA-2020-0113", "PHSA-2020-0242", "PHSA-2020-0249", "PHSA-2020-0256", "PHSA-2020-0261", "PHSA-2020-0308", "PHSA-2020-1.0-0294", "PHSA-2020-1.0-0298", "PHSA-2020-1.0-0305", "PHSA-2020-1.0-0308", "PHSA-2020-2.0-0249", "PHSA-2020-2.0-0256", "PHSA-2020-2.0-0261", "PHSA-2020-3.0-0089", "PHSA-2020-3.0-0101", "PHSA-2020-3.0-0108", "PHSA-2020-3.0-0113", "PHSA-2021-0007", "PHSA-2021-0197", "PHSA-2021-4.0-0007"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:70AF718BCABA36D5847184CA639B55C9"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F67633FF8EFFC87A7C686D113E22FCC9"]}, {"type": "redhat", "idList": ["RHSA-2020:2462", "RHSA-2020:2473", "RHSA-2020:2670", "RHSA-2020:4442", "RHSA-2020:5149", "RHSA-2020:5364", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0146", "RHSA-2021:0190", "RHSA-2021:0436", "RHSA-2021:0799", "RHSA-2021:1581", "RHSA-2021:1968", "RHSA-2021:2021", "RHSA-2021:2104", "RHSA-2021:2121", "RHSA-2021:2130", "RHSA-2021:2136", "RHSA-2021:2230", "RHSA-2021:2461", "RHSA-2021:2479", "RHSA-2021:2532", "RHSA-2021:2543", "RHSA-2021:2587", "RHSA-2021:2588", "RHSA-2021:2705", "RHSA-2021:2920", "RHSA-2021:3016", "RHSA-2021:3119", "RHSA-2021:3556", "RHSA-2021:4032", "RHSA-2021:4373", "RHSA-2021:4381", "RHSA-2021:4396", "RHSA-2021:4613", "RHSA-2021:4614", "RHSA-2021:4627", "RHSA-2021:4845", "RHSA-2021:4848", "RHSA-2021:4902", "RHSA-2021:4914", "RHSA-2021:5038", "RHSA-2021:5127", "RHSA-2021:5128", "RHSA-2021:5129", "RHSA-2021:5137", "RHSA-2022:0056", "RHSA-2022:0202", "RHSA-2022:0318", "RHSA-2022:0434", "RHSA-2022:0580", "RHSA-2022:0581", "RHSA-2022:0582", "RHSA-2022:0842", "RHSA-2022:0856", "RHSA-2022:1081", "RHSA-2022:1396", "RHSA-2022:5069", "RHSA-2022:5070", "RHSA-2022:5840", "RHSA-2022:5924", "RHSA-2022:6429", "RHSA-2022:6526"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-14899", "RH:CVE-2019-20838", "RH:CVE-2020-10663", "RH:CVE-2020-13434", "RH:CVE-2020-13435", "RH:CVE-2020-13630", "RH:CVE-2020-13631", "RH:CVE-2020-14155", "RH:CVE-2020-15358", "RH:CVE-2020-27918", "RH:CVE-2020-9947"]}, {"type": "rocky", "idList": ["RLSA-2020:2462", "RLSA-2021:2587", "RLSA-2021:2588"]}, {"type": "rubygems", "idList": ["RUBY:JSON-2020-10663"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0586-1", "OPENSUSE-SU-2021:0637-1", "OPENSUSE-SU-2021:1058-1", "OPENSUSE-SU-2021:1441-1", "OPENSUSE-SU-2021:2320-1", "OPENSUSE-SU-2021:3529-1", "OPENSUSE-SU-2022:0182-1", "OPENSUSE-SU-2022:0182-2"]}, {"type": "symantec", "idList": ["SMNTC-111104"]}, {"type": "talos", "idList": ["TALOS-2020-1125", "TALOS-2021-1246"]}, {"type": "thn", "idList": ["THN:6D9C30F48BF06002190A9401A9E9AFC8", "THN:B8C45A3F30B93AE1B41277CEDFF4E5F7", "THN:DAE548E4C591A2718BC3A3D2C9440FB1", "THN:FD10C34E4C222666AC0DBB5533C900AF"]}, {"type": "threatpost", "idList": ["THREATPOST:86D26D0094ABE4C61D364343DB1F2C80", "THREATPOST:C90531BC1E0B38F400111112E4CBEF3A", "THREATPOST:CD0C6BFC2A71E723ABC80C9F2924375E"]}, {"type": "ubuntu", "idList": ["USN-4394-1", "USN-4438-1", "USN-4882-1", "USN-4894-1", "USN-5425-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-14899", "UB:CVE-2019-20838", "UB:CVE-2020-10663", "UB:CVE-2020-13434", "UB:CVE-2020-13435", "UB:CVE-2020-13630", "UB:CVE-2020-13631", "UB:CVE-2020-14155", "UB:CVE-2020-15358", "UB:CVE-2020-27918", "UB:CVE-2020-27920", "UB:CVE-2020-9849", "UB:CVE-2020-9947", "UB:CVE-2020-9991", "UB:CVE-2021-0646"]}, {"type": "veracode", "idList": ["VERACODE:22758", "VERACODE:26072", "VERACODE:26073", "VERACODE:27788", "VERACODE:27789", "VERACODE:28548", "VERACODE:29856", "VERACODE:30230", "VERACODE:30556", "VERACODE:32922"]}, {"type": "zdi", "idList": ["ZDI-20-1183", "ZDI-20-1238", "ZDI-20-1389", "ZDI-20-1390", "ZDI-20-1393", "ZDI-20-1394", "ZDI-20-1395", "ZDI-20-1396", "ZDI-20-1401", "ZDI-20-1402", "ZDI-20-1403", "ZDI-20-1404", "ZDI-20-1405", "ZDI-20-1406", "ZDI-20-1407", "ZDI-20-1408", "ZDI-20-1409", "ZDI-20-1410", "ZDI-20-1411", "ZDI-21-069", "ZDI-21-138", "ZDI-21-374", "ZDI-21-375", "ZDI-21-378", "ZDI-21-379", "ZDI-21-380", "ZDI-21-381", "ZDI-21-382", "ZDI-21-383", "ZDI-21-384", "ZDI-21-385", "ZDI-21-386", "ZDI-21-387", "ZDI-21-388", "ZDI-21-390", "ZDI-21-391", "ZDI-21-392", "ZDI-21-393", "ZDI-21-394", "ZDI-21-395", "ZDI-21-396", "ZDI-21-397", "ZDI-21-486"]}]}, "score": {"value": 0.8, "vector": "NONE"}, "epss": [{"cve": "CVE-2019-14899", "epss": "0.000460000", "percentile": "0.139640000", "modified": "2023-03-19"}, {"cve": "CVE-2019-20838", "epss": "0.007440000", "percentile": "0.780080000", "modified": "2023-03-19"}, {"cve": "CVE-2020-10002", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10003", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10004", "epss": "0.000890000", "percentile": "0.366290000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10005", "epss": "0.000600000", "percentile": "0.230790000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10006", "epss": "0.000640000", "percentile": "0.259690000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10007", "epss": "0.000610000", "percentile": "0.235820000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10008", "epss": "0.000570000", "percentile": "0.215800000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10009", "epss": "0.000560000", "percentile": "0.213800000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10010", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10011", "epss": "0.000860000", "percentile": "0.348230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10012", "epss": "0.001290000", "percentile": "0.461150000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10014", "epss": "0.000570000", "percentile": "0.216150000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10015", "epss": "0.000800000", "percentile": "0.326300000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10016", "epss": "0.001290000", "percentile": "0.461160000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10017", "epss": "0.001180000", "percentile": "0.442320000", "modified": "2023-03-20"}, {"cve": "CVE-2020-10663", "epss": "0.002070000", "percentile": "0.569750000", "modified": "2023-03-19"}, {"cve": "CVE-2020-13434", "epss": "0.000630000", "percentile": "0.248960000", "modified": "2023-03-19"}, {"cve": "CVE-2020-13435", "epss": "0.001060000", "percentile": "0.414880000", "modified": "2023-03-19"}, {"cve": "CVE-2020-13524", "epss": "0.000530000", "percentile": "0.191820000", "modified": "2023-03-20"}, {"cve": "CVE-2020-13630", "epss": "0.000560000", "percentile": "0.214330000", "modified": "2023-03-19"}, {"cve": "CVE-2020-13631", "epss": "0.000520000", "percentile": "0.182360000", "modified": "2023-03-19"}, {"cve": "CVE-2020-14155", "epss": "0.002750000", "percentile": "0.630760000", "modified": "2023-03-19"}, {"cve": "CVE-2020-15358", "epss": "0.000780000", "percentile": "0.320080000", "modified": "2023-03-19"}, {"cve": "CVE-2020-27893", "epss": "0.000910000", "percentile": "0.371580000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27894", "epss": "0.000550000", "percentile": "0.208950000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27896", "epss": "0.000890000", "percentile": "0.362220000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27897", "epss": "0.000450000", "percentile": "0.125640000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27898", "epss": "0.000530000", "percentile": "0.191980000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27899", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27900", "epss": "0.000610000", "percentile": "0.238650000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27901", "epss": "0.000530000", "percentile": "0.190050000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27903", "epss": "0.000680000", "percentile": "0.277190000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27904", "epss": "0.000710000", "percentile": "0.288750000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27906", "epss": "0.003550000", "percentile": "0.676020000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27907", "epss": "0.000810000", "percentile": "0.329160000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27908", "epss": "0.000930000", "percentile": "0.379550000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27909", "epss": "0.000800000", "percentile": "0.326460000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27910", "epss": "0.000860000", "percentile": "0.348230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27911", "epss": "0.002950000", "percentile": "0.644260000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27912", "epss": "0.001050000", "percentile": "0.411230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27914", "epss": "0.000760000", "percentile": "0.305910000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27915", "epss": "0.000760000", "percentile": "0.305910000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27916", "epss": "0.001100000", "percentile": "0.424220000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27917", "epss": "0.001300000", "percentile": "0.461250000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27918", "epss": "0.000900000", "percentile": "0.366610000", "modified": "2023-03-19"}, {"cve": "CVE-2020-27919", "epss": "0.000760000", "percentile": "0.305910000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27920", "epss": "0.003580000", "percentile": "0.677380000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27921", "epss": "0.000760000", "percentile": "0.305910000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27922", "epss": "0.000740000", "percentile": "0.300790000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27923", "epss": "0.000860000", "percentile": "0.348330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27924", "epss": "0.000860000", "percentile": "0.348230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27927", "epss": "0.000860000", "percentile": "0.348330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27930", "epss": "0.001250000", "percentile": "0.452640000", "modified": "2023-03-19"}, {"cve": "CVE-2020-27931", "epss": "0.000930000", "percentile": "0.380150000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27932", "epss": "0.001250000", "percentile": "0.452640000", "modified": "2023-03-19"}, {"cve": "CVE-2020-27935", "epss": "0.000560000", "percentile": "0.213800000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27937", "epss": "0.000610000", "percentile": "0.238650000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27942", "epss": "0.000730000", "percentile": "0.296060000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27945", "epss": "0.000770000", "percentile": "0.311630000", "modified": "2023-03-20"}, {"cve": "CVE-2020-27950", "epss": "0.002720000", "percentile": "0.629070000", "modified": "2023-03-19"}, {"cve": "CVE-2020-27952", "epss": "0.000800000", "percentile": "0.326300000", "modified": "2023-03-20"}, {"cve": "CVE-2020-29629", "epss": "0.000540000", "percentile": "0.194500000", "modified": "2023-03-20"}, {"cve": "CVE-2020-29639", "epss": "0.000610000", "percentile": "0.235640000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9849", "epss": "0.003390000", "percentile": "0.668190000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9876", "epss": "0.001080000", "percentile": "0.420880000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9883", "epss": "0.000950000", "percentile": "0.385370000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9897", "epss": "0.000650000", "percentile": "0.264080000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9941", "epss": "0.003020000", "percentile": "0.648520000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9942", "epss": "0.000860000", "percentile": "0.348440000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9943", "epss": "0.000730000", "percentile": "0.294650000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9944", "epss": "0.000730000", "percentile": "0.294650000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9945", "epss": "0.000860000", "percentile": "0.348440000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9947", "epss": "0.003400000", "percentile": "0.668480000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9949", "epss": "0.001290000", "percentile": "0.461160000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9950", "epss": "0.002850000", "percentile": "0.637830000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9955", "epss": "0.000890000", "percentile": "0.363280000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9956", "epss": "0.000930000", "percentile": "0.379550000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9960", "epss": "0.000860000", "percentile": "0.348230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9962", "epss": "0.000860000", "percentile": "0.347110000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9963", "epss": "0.000650000", "percentile": "0.263910000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9965", "epss": "0.000860000", "percentile": "0.348230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9966", "epss": "0.000860000", "percentile": "0.348230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9967", "epss": "0.001320000", "percentile": "0.465710000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9969", "epss": "0.000540000", "percentile": "0.194360000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9971", "epss": "0.000650000", "percentile": "0.266560000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9974", "epss": "0.000880000", "percentile": "0.359160000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9975", "epss": "0.000860000", "percentile": "0.348330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9977", "epss": "0.000650000", "percentile": "0.263910000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9978", "epss": "0.000470000", "percentile": "0.143710000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9987", "epss": "0.000720000", "percentile": "0.292930000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9988", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9989", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9991", "epss": "0.004830000", "percentile": "0.721650000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9996", "epss": "0.000860000", "percentile": "0.348440000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9999", "epss": "0.001180000", "percentile": "0.442320000", "modified": "2023-03-20"}, {"cve": "CVE-2021-1755", "epss": "0.000500000", "percentile": "0.174850000", "modified": "2023-03-20"}, {"cve": "CVE-2021-1775", "epss": "0.000680000", "percentile": "0.278170000", "modified": "2023-03-20"}, {"cve": "CVE-2021-1790", "epss": "0.000650000", "percentile": "0.264420000", "modified": "2023-03-20"}, {"cve": "CVE-2021-1803", "epss": "0.000480000", "percentile": "0.149910000", "modified": "2023-03-20"}], "vulnersScore": 0.8}, "_state": {"affected_software_major_version": 1666422819, "dependencies": 1666639943, "score": 1666639956, "epss": 1679323282}, "_internal": {"score_hash": "c540d90a7e0c80153106f0b68e75d2eb"}, "affectedSoftware": [{"version": "11.0.1", "operator": "lt", "name": "macos big sur"}]}

{"apple": [{"lastseen": "2021-02-19T04:44:31", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.0.1\n\nReleased November 12, 2020\n\n**AMD**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27914: Yu Wang of Didi Research America\n\nCVE-2020-27915: Yu Wang of Didi Research America\n\nEntry added December 14, 2020\n\n**App Store**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\n**Bluetooth**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected application termination or heap corruption\n\nDescription: Multiple integer overflows were addressed with improved input validation.\n\nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab\n\n**CoreAudio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**CoreAudio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreCapture**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\n**CoreGraphics**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\n**Crash Reporter**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**CoreText**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\nEntry added December 14, 2020\n\n**CoreText**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry updated December 14, 2020\n\n**Disk Images**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\n**Finder**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Users may be unable to remove metadata indicating where files were downloaded from\n\nDescription: The issue was addressed with additional user controls.\n\nCVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**Foundation**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**HomeKit**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\nEntry updated December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**Intel Graphics Driver**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington\n\nEntry added December 14, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added December 14, 2020\n\n**Image Processing**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-27921: Linus Henze (pinauten.de)\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**libxml2**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\nCVE-2020-27920: found by OSS-Fuzz\n\nEntry updated December 14, 2020\n\n**libxml2**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxpc**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 14, 2020\n\n**libxpc**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Logging**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Mail**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\n**Messages**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9988: William Breuer of the Netherlands\n\nCVE-2020-9989: von Brunn Media\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\n\nEntry added December 14, 2020\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**NetworkExtension**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro\n\n**NSRemoteView**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-27901: Thijs Alkemade of Computest Research Division\n\nEntry added December 14, 2020\n\n**NSRemoteView**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to preview files it does not have access to\n\nDescription: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic.\n\nCVE-2020-27900: Thijs Alkemade of Computest Research Division\n\n**PCRE**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.44.\n\nCVE-2019-20838\n\nCVE-2020-14155\n\n**Power Management**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative\n\n**python**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27896: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious app may be able to determine the existence of files on the computer\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Quick Look**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted document may lead to a cross site scripting attack\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/)\n\n**Ruby**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-27896: an anonymous researcher\n\n**Ruby**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-10663: Jeremy Evans\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine a user's open tabs in Safari\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2020-9977: Josh Parnham (@joshparnham)\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab\n\n**Sandbox**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9991\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed with improved checks.\n\nCVE-2020-15358\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\n**Symptom Framework**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 14, 2020\n\n**System Preferences**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10009: Thijs Alkemade of Computest Research Division\n\n**TCC**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application with root privileges may be able to access private information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-10008: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added December 14, 2020\n\n**WebKit**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: Liu Long of Ant Security Light-Year Lab\n\nEntry updated December 14, 2020\n\n**Wi-Fi**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker may be able to bypass Managed Frame Protection\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2020-27898: Stephan Marais of University of Johannesburg\n\n**XNU**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 17, 2020\n\n**Xsan**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-10006: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 14, 2020\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab, an anonymous researcher for their assistance.\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\nEntry updated December 14, 2020\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 14, 2020\n\n**Directory Utility**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\n**libxml2**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added December 14, 2020\n\n**Login Window**\n\nWe would like to acknowledge Rob Morton of Leidos for their assistance.\n\n**Photos Storage**\n\nWe would like to acknowledge Paulos Yibelo of LimeHats for their assistance.\n\n**Quick Look**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Regu\u0142a of SecuRing (wojciechregula.blog) for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.\n\n**Security**\n\nWe would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.\n\n**System Preferences**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-18T06:14:03", "title": "About the security content of macOS Big Sur 11.0.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27950", "CVE-2020-27931", "CVE-2020-9974", "CVE-2020-27918", "CVE-2020-13434", "CVE-2020-27898", "CVE-2020-27923", "CVE-2020-9996", "CVE-2020-9991", "CVE-2020-9988", "CVE-2020-9967", "CVE-2020-10008", "CVE-2020-9965", "CVE-2020-10004", "CVE-2020-9883", "CVE-2020-27896", "CVE-2020-27935", "CVE-2020-27903", "CVE-2020-27912", "CVE-2020-14155", "CVE-2020-27897", "CVE-2020-27901", "CVE-2020-10010", "CVE-2020-10009", "CVE-2020-9977", "CVE-2020-27909", "CVE-2020-27919", "CVE-2020-9963", "CVE-2020-10007", "CVE-2020-10015", "CVE-2020-9876", "CVE-2020-9969", "CVE-2020-9942", "CVE-2020-10012", "CVE-2020-27906", "CVE-2020-9962", "CVE-2020-9943", "CVE-2020-27927", "CVE-2020-27924", "CVE-2020-9978", "CVE-2020-9999", "CVE-2020-13631", "CVE-2019-20838", "CVE-2020-9955", "CVE-2020-9945", "CVE-2020-27907", "CVE-2020-9989", "CVE-2020-27915", "CVE-2020-9949", "CVE-2020-27900", "CVE-2020-10002", "CVE-2020-10006", "CVE-2020-27904", "CVE-2020-9941", "CVE-2020-9956", "CVE-2020-9849", "CVE-2020-27908", "CVE-2020-27921", "CVE-2019-14899", "CVE-2020-9960", "CVE-2020-10016", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-10003", "CVE-2020-10663", "CVE-2020-9944", "CVE-2020-10011", "CVE-2020-27952", "CVE-2020-27920", "CVE-2020-27911", "CVE-2020-13524", "CVE-2020-10014", "CVE-2020-15358", "CVE-2020-27910", "CVE-2020-27917", "CVE-2020-9975", "CVE-2020-10017", "CVE-2020-27930", "CVE-2020-27914", "CVE-2020-27932", "CVE-2020-27916", "CVE-2020-27899", "CVE-2020-27894", "CVE-2020-9971", "CVE-2020-27922", "CVE-2020-9966"], "modified": "2021-02-18T06:14:03", "id": "APPLE:HT211931", "href": "https://support.apple.com/kb/HT211931", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T22:02:53", "description": "# About the security content of watchOS 7.1\n\nThis document describes the security content of watchOS 7.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 7.1\n\nReleased November 5, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27908: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**CoreText**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\nEntry added March 16, 2021\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**Foundation**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\nEntry updated March 16, 2021\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-27905: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\nCVE-2020-27920: found by OSS-Fuzz\n\nEntry updated March 16, 2021\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**Logging**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Symptom Framework**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 15, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: Liu Long of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**XNU**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 15, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "apple", "title": "About the security content of watchOS 7.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10002", "CVE-2020-10003", "CVE-2020-10010", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-27899", "CVE-2020-27905", "CVE-2020-27908", "CVE-2020-27909", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27916", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-27920", "CVE-2020-27922", "CVE-2020-27923", "CVE-2020-27924", "CVE-2020-27927", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27935", "CVE-2020-27950", "CVE-2020-9974"], "modified": "2020-11-05T00:00:00", "id": "APPLE:124F71A1E3856ED62AD0750B3590A96A", "href": "https://support.apple.com/kb/HT211928", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T22:03:36", "description": "# About the security content of tvOS 14.2\n\nThis document describes the security content of tvOS 14.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 14.2\n\nReleased November 5, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27908: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\nEntry added March 16, 2021\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**Foundation**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\nEntry updated March 16, 2021\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-27905: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\nCVE-2020-27920: found by OSS-Fuzz\n\nEntry updated March 16, 2021\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**Logging**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\n\nEntry added December 15, 2020\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\nEntry added March 16, 2021\n\n**Symptom Framework**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 15, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: Liu Long of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**XNU**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 15, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "apple", "title": "About the security content of tvOS 14.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10002", "CVE-2020-10003", "CVE-2020-10004", "CVE-2020-10010", "CVE-2020-10011", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-27899", "CVE-2020-27905", "CVE-2020-27908", "CVE-2020-27909", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27916", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-27920", "CVE-2020-27922", "CVE-2020-27923", "CVE-2020-27924", "CVE-2020-27927", "CVE-2020-27935", "CVE-2020-9974"], "modified": "2020-11-05T00:00:00", "id": "APPLE:4D5F1F61CE90A350592B0D1EC1E9BD34", "href": "https://support.apple.com/kb/HT211930", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:24", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 7.1\n\nReleased November 5, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**Foundation**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-27905: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**Logging**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Symptom Framework**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 15, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: an anonymous researcher\n\n**XNU**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 15, 2020\n", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T06:04:57", "title": "About the security content of watchOS 7.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27950", "CVE-2020-9974", "CVE-2020-27918", "CVE-2020-27935", "CVE-2020-27912", "CVE-2020-10010", "CVE-2020-27909", "CVE-2020-27927", "CVE-2020-10002", "CVE-2020-10016", "CVE-2020-10003", "CVE-2020-27911", "CVE-2020-27905", "CVE-2020-27910", "CVE-2020-27917", "CVE-2020-10017", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27916", "CVE-2020-27899"], "modified": "2020-12-15T06:04:57", "id": "APPLE:HT211928", "href": "https://support.apple.com/kb/HT211928", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:20", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 14.2\n\nReleased November 5, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**Foundation**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-27905: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**Logging**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\n\nEntry added December 15, 2020\n\n**Symptom Framework**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 15, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: an anonymous researcher\n\n**XNU**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 15, 2020\n", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:56:55", "title": "About the security content of tvOS 14.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9974", "CVE-2020-27918", "CVE-2020-27935", "CVE-2020-27912", "CVE-2020-10010", "CVE-2020-27909", "CVE-2020-27927", "CVE-2020-10002", "CVE-2020-10016", "CVE-2020-10003", "CVE-2020-10011", "CVE-2020-27911", "CVE-2020-27905", "CVE-2020-27910", "CVE-2020-27917", "CVE-2020-10017", "CVE-2020-27916", "CVE-2020-27899"], "modified": "2020-12-15T05:56:55", "id": "APPLE:HT211930", "href": "https://support.apple.com/kb/HT211930", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-11T14:20:15", "description": "# About the security content of iOS 14.2 and iPadOS 14.2\n\nThis document describes the security content of iOS 14.2 and iPadOS 14.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 14.2 and iPadOS 14.2\n\nReleased November 5, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**CallKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A user may answer two calls simultaneously without indication they have answered a second call\n\nDescription: An issue existed in the handling of incoming calls. The issue was addressed with additional state checks.\n\nCVE-2020-27925: Nick Tangri\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27908: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**CoreGraphics**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted PDF may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-9897: S.Y. of ZecOps Mobile XDR, an anonymous researcher\n\nEntry added October 25, 2021\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\nEntry added March 16, 2021\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**Foundation**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\nEntry updated March 16, 2021\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-27905: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**Keyboard**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A person with physical access to an iOS device may be able to access stored passwords without authentication\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2020-27902: Connor Ford (@connorford2)\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\nCVE-2020-27920: found by OSS-Fuzz\n\nEntry updated March 16, 2021\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27926: found by OSS-Fuzz\n\n**Logging**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\n\n**Symptom Framework**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 15, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: Liu Long of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**XNU**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 15, 2020\n\n\n\n## Additional recognition\n\n**NetworkExtension**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added December 15, 2020\n\n**Safari**\n\nWe would like to acknowledge Gabriel Corona for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 26, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "apple", "title": "About the security content of iOS 14.2 and iPadOS 14.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10002", "CVE-2020-10003", "CVE-2020-10004", "CVE-2020-10010", "CVE-2020-10011", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-13524", "CVE-2020-27899", "CVE-2020-27902", "CVE-2020-27905", "CVE-2020-27908", "CVE-2020-27909", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27916", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-27920", "CVE-2020-27922", "CVE-2020-27923", "CVE-2020-27924", "CVE-2020-27925", "CVE-2020-27926", "CVE-2020-27927", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27935", "CVE-2020-27950", "CVE-2020-9897", "CVE-2020-9974"], "modified": "2020-11-05T00:00:00", "id": "APPLE:CD0AC1EBDB43CD4B1114F86ED71FAC48", "href": "https://support.apple.com/kb/HT211929", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:49", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 14.2 and iPadOS 14.2\n\nReleased November 5, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**CallKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A user may answer two calls simultaneously without indication they have answered a second call\n\nDescription: An issue existed in the handling of incoming calls. The issue was addressed with additional state checks.\n\nCVE-2020-27925: Nick Tangri\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**Foundation**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-27905: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**Keyboard**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A person with physical access to an iOS device may be able to access stored passwords without authentication\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2020-27902: Connor Ford (@connorford2)\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27926: found by OSS-Fuzz\n\n**Logging**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\n\n**Symptom Framework**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 15, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: an anonymous researcher\n\n**XNU**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 15, 2020\n\n\n\n## Additional recognition\n\n**NetworkExtension**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added December 15, 2020\n\n**Safari**\n\nWe would like to acknowledge Gabriel Corona for their assistance.\n", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T06:00:53", "title": "About the security content of iOS 14.2 and iPadOS 14.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27926", "CVE-2020-27950", "CVE-2020-9974", "CVE-2020-27918", "CVE-2020-10004", "CVE-2020-27935", "CVE-2020-27912", "CVE-2020-10010", "CVE-2020-27909", "CVE-2020-27927", "CVE-2020-10002", "CVE-2020-27925", "CVE-2020-10016", "CVE-2020-10003", "CVE-2020-10011", "CVE-2020-27911", "CVE-2020-27905", "CVE-2020-13524", "CVE-2020-27910", "CVE-2020-27917", "CVE-2020-10017", "CVE-2020-27930", "CVE-2020-27902", "CVE-2020-27932", "CVE-2020-27916", "CVE-2020-27899"], "modified": "2020-12-15T06:00:53", "id": "APPLE:HT211929", "href": "https://support.apple.com/kb/HT211929", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-30T14:53:24", "description": "# About the security content of watchOS 7.0\n\nThis document describes the security content of watchOS 7.0.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 7.0\n\nReleased September 16, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added March 16, 2021\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29629: an anonymous researcher\n\nEntry added January 19, 2022\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added March 16, 2021\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added March 16, 2021\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nEntry added March 16, 2021\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-29639: Mickey Jin &amp; Qi Sun of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added July 21, 2021\n\n**HomeKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-36521: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added May 25, 2022\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\nEntry added March 16, 2021\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\nEntry added March 16, 2021\n\n**Keyboard**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9989: von Brunn Media\n\nEntry added November 12, 2020\n\n**Phone**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: The screen lock may not engage after the specified time period\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9946: Daniel Larsson of iolight AB\n\n**Safari**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n\n\n## Additional recognition\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added March 16, 2021\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\nEntry added November 12, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**libxml2**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added March 16, 2021\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Mail Drafts**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added November 12, 2020\n\n**Safari**\n\nWe would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance.\n\nEntry added October 19, 2020, updated November 12, 2020\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added November 12, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 25, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-16T00:00:00", "type": "apple", "title": "About the security content of watchOS 7.0", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-15358", "CVE-2020-27931", "CVE-2020-29629", "CVE-2020-29639", "CVE-2020-36521", "CVE-2020-9849", "CVE-2020-9876", "CVE-2020-9941", "CVE-2020-9943", "CVE-2020-9944", "CVE-2020-9946", "CVE-2020-9947", "CVE-2020-9949", "CVE-2020-9950", "CVE-2020-9951", "CVE-2020-9952", "CVE-2020-9954", "CVE-2020-9955", "CVE-2020-9956", "CVE-2020-9960", "CVE-2020-9961", "CVE-2020-9962", "CVE-2020-9965", "CVE-2020-9966", "CVE-2020-9967", "CVE-2020-9968", "CVE-2020-9969", "CVE-2020-9971", "CVE-2020-9975", "CVE-2020-9976", "CVE-2020-9978", "CVE-2020-9981", "CVE-2020-9983", "CVE-2020-9989", "CVE-2020-9991", "CVE-2020-9993", "CVE-2020-9999"], "modified": "2020-09-16T00:00:00", "id": "APPLE:914AF8F52D4AB5DC92631271089CEE87", "href": "https://support.apple.com/kb/HT211844", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T20:57:03", "description": "# About the security content of tvOS 14.0\n\nThis document describes the security content of tvOS 14.0.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 14.0\n\nReleased September 16, 2020\n\n**Assets**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker may be able to misuse a trust relationship to download malicious content\n\nDescription: A trust issue was addressed by removing a legacy API.\n\nCVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup\n\nEntry updated November 12, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added March 16, 2021\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29629: an anonymous researcher\n\nEntry added January 19, 2022\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added March 16, 2021\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added March 16, 2021\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nEntry added March 16, 2021\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking. \n\nCVE-2020-29639: Mickey Jin &amp; Qi Sun of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added July 21, 2021\n\n**HomeKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-36521: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added May 25, 2022\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\nEntry added March 16, 2021\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\nEntry added March 16, 2021\n\n**Keyboard**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Sandbox**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10013: Yu Wang of Didi Research America\n\nEntry added November 12, 2020\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 15, 2020\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added March 16, 2021\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**libxml2**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added March 16, 2021\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Safari**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added November 12, 2020\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab, Maximilian Blochberger of the Security in Distributed Systems Group of University of Hamburg for their assistance.\n\nEntry added November 12, 2020, updated May 25, 2022 \n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 25, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-16T00:00:00", "type": "apple", "title": "About the security content of tvOS 14.0", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10013", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-15358", "CVE-2020-27931", "CVE-2020-29629", "CVE-2020-29639", "CVE-2020-36521", "CVE-2020-9849", "CVE-2020-9876", "CVE-2020-9943", "CVE-2020-9944", "CVE-2020-9947", "CVE-2020-9949", "CVE-2020-9950", "CVE-2020-9951", "CVE-2020-9952", "CVE-2020-9954", "CVE-2020-9955", "CVE-2020-9956", "CVE-2020-9960", "CVE-2020-9961", "CVE-2020-9962", "CVE-2020-9965", "CVE-2020-9966", "CVE-2020-9967", "CVE-2020-9968", "CVE-2020-9969", "CVE-2020-9971", "CVE-2020-9975", "CVE-2020-9976", "CVE-2020-9978", "CVE-2020-9979", "CVE-2020-9981", "CVE-2020-9983", "CVE-2020-9991", "CVE-2020-9999"], "modified": "2020-09-16T00:00:00", "id": "APPLE:BF1622028DAB7FB7B0D91852357DB961", "href": "https://support.apple.com/kb/HT211843", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:55", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 7.0\n\nReleased September 16, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**Keyboard**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9989: von Brunn Media\n\nEntry added November 12, 2020\n\n**Phone**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: The screen lock may not engage after the specified time period\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9946: Daniel Larsson of iolight AB\n\n**Safari**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n\n\n## Additional recognition\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\nEntry added November 12, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Mail Drafts**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added November 12, 2020\n\n**Safari**\n\nWe would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance.\n\nEntry added October 19, 2020, updated November 12, 2020\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added November 12, 2020\n", "edition": 10, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:33:40", "title": "About the security content of watchOS 7.0 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9954", "CVE-2020-13434", "CVE-2020-9991", "CVE-2020-9951", "CVE-2020-9968", "CVE-2020-9965", "CVE-2020-9981", "CVE-2020-9952", "CVE-2020-9950", "CVE-2020-9983", "CVE-2020-9946", "CVE-2020-9976", "CVE-2020-9961", "CVE-2020-9876", "CVE-2020-9969", "CVE-2020-9943", "CVE-2020-9999", "CVE-2020-13631", "CVE-2020-9955", "CVE-2020-9989", "CVE-2020-9949", "CVE-2020-9941", "CVE-2020-9849", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-9947", "CVE-2020-9944", "CVE-2020-15358", "CVE-2020-9971", "CVE-2020-9993", "CVE-2020-9966"], "modified": "2020-12-15T05:33:40", "id": "APPLE:HT211844", "href": "https://support.apple.com/kb/HT211844", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:41", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 11.5\n\nReleased December 2, 2020\n\n**CoreText**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Foundation**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\n**WebKit**\n\nAvailable for: \n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nCVE-2020-27918: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: an anonymous researcher\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T06:06:19", "title": "About the security content of iCloud for Windows 11.5 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27918", "CVE-2020-13434", "CVE-2020-9951", "CVE-2020-9981", "CVE-2020-27912", "CVE-2020-9983", "CVE-2020-9961", "CVE-2020-9876", "CVE-2020-9999", "CVE-2020-13631", "CVE-2020-10002", "CVE-2020-9849", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-9947", "CVE-2020-27911", "CVE-2020-27917"], "modified": "2020-12-15T06:06:19", "id": "APPLE:HT211935", "href": "https://support.apple.com/kb/HT211935", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T14:49:09", "description": "# About the security content of iCloud for Windows 11.5\n\nThis document describes the security content of iCloud for Windows 11.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 11.5\n\nReleased December 2, 2020\n\n**CoreText**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Foundation**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\n**WebKit**\n\nAvailable for: \n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nCVE-2020-27918: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: an anonymous researcher\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: December 15, 2020\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 11.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10002", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-9849", "CVE-2020-9876", "CVE-2020-9947", "CVE-2020-9951", "CVE-2020-9961", "CVE-2020-9981", "CVE-2020-9983", "CVE-2020-9999"], "modified": "2020-12-02T00:00:00", "id": "APPLE:4CDA87B47F793E07ABCA7B9C9345521B", "href": "https://support.apple.com/kb/HT211935", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:58", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 14.0\n\nReleased September 16, 2020\n\n**Assets**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker may be able to misuse a trust relationship to download malicious content\n\nDescription: A trust issue was addressed by removing a legacy API.\n\nCVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup\n\nEntry updated November 12, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**Keyboard**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Sandbox**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10013: Yu Wang of Didi Research America\n\nEntry added November 12, 2020\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 15, 2020\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Safari**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added November 12, 2020\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:52:05", "title": "About the security content of tvOS 14.0 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9954", "CVE-2020-13434", "CVE-2020-9991", "CVE-2020-9951", "CVE-2020-9968", "CVE-2020-10013", "CVE-2020-9965", "CVE-2020-9981", "CVE-2020-9952", "CVE-2020-9950", "CVE-2020-9983", "CVE-2020-9976", "CVE-2020-9961", "CVE-2020-9876", "CVE-2020-9969", "CVE-2020-9943", "CVE-2020-9979", "CVE-2020-9999", "CVE-2020-13631", "CVE-2020-9955", "CVE-2020-9949", "CVE-2020-9849", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-9947", "CVE-2020-9944", "CVE-2020-15358", "CVE-2020-9971", "CVE-2020-9966"], "modified": "2020-12-15T05:52:05", "id": "APPLE:HT211843", "href": "https://support.apple.com/kb/HT211843", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T20:57:06", "description": "# About the security content of iOS 14.0 and iPadOS 14.0\n\nThis document describes the security content of iOS 14.0 and iPadOS 14.0.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 14.0 and iPadOS 14.0\n\nReleased September 16, 2020\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9958: Mohamed Ghannam (@_simo36)\n\n**Assets**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may be able to misuse a trust relationship to download malicious content\n\nDescription: A trust issue was addressed by removing a legacy API.\n\nCVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup\n\nEntry updated November 12, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 25, 2021\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29629: an anonymous researcher\n\nEntry added January 19, 2022\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added February 25, 2021\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added February 25, 2021\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nEntry added February 25, 2021\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29639: Mickey Jin &amp; Qi Sun of Trend Micro\n\nEntry added February 25, 2021\n\n**HomeKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\nEntry added February 25, 2021\n\n**Icons**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to identify what other applications a user has installed\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9773: Chilik Tamir of Zimperium zLabs\n\n**IDE Device Support**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network\n\nDescription: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7.\n\nCVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium zLabs\n\nEntry updated September 17, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-36521: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added May 25, 2022\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**IOSurfaceAccelerator**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\nEntry added February 25, 2021\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\nEntry added February 25, 2021\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\nEntry added November 12, 2020\n\n**Keyboard**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9988: William Breuer of the Netherlands\n\nCVE-2020-9989: von Brunn Media\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-13520: Aleksandar Nikolic of Cisco Talos\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-6147: Aleksandar Nikolic of Cisco Talos\n\nCVE-2020-9972: Aleksandar Nikolic of Cisco Talos\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9973: Aleksandar Nikolic of Cisco Talos\n\n**NetworkExtension**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**Phone**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: The screen lock may not engage after the specified time period\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9946: Daniel Larsson of iolight AB\n\n**Quick Look**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious app may be able to determine the existence of files on the computer\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added November 12, 2020\n\n**Safari**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to determine a user's open tabs in Safari\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2020-9977: Josh Parnham (@joshparnham)\n\nEntry added November 12, 2020\n\n**Safari**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski\n\nEntry added November 12, 2020 \n\n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**Siri**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen\n\nDescription: A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management.\n\nCVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli\u0307h Kerem G\u00fcne\u015f of Li\u0307v College, Sinan Gulguler\n\nEntry updated December 15, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10013: Yu Wang of Didi Research America\n\nEntry added November 12, 2020\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 15, 2020\n\n**App Store**\n\nWe would like to acknowledge Giyas Umarov of Holmdel High School for their assistance.\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\n**CallKit**\n\nWe would like to acknowledge Federico Zanetello for their assistance.\n\n**CarPlay**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**debugserver**\n\nWe would like to acknowledge Linus Henze (pinauten.de) for their assistance.\n\n**FaceTime**\n\nWe would like to acknowledge Federico Zanetello for their assistance.\n\nEntry added February 25, 2021\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**iBoot**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**libarchive**\n\n****We would like to acknowledge Dzmitry Plotnikau and an anonymous researcher for their assistance.\n\n**libxml2**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added February 25, 2021\n\n**lldb**\n\nWe would like to acknowledge Linus Henze (pinauten.de) for their assistance.\n\nEntry added November 12, 2020\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Mail**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added November 12, 2020\n\n**Mail Drafts**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added November 12, 2020\n\n**Maps**\n\nWe would like to acknowledge Matthew Dolan of Amazon Alexa for their assistance.\n\n**NetworkExtension**\n\nWe would like to acknowledge Thijs Alkemade of Computest and \u2018Qubo Song\u2019 of \u2018Symantec, a division of Broadcom\u2019 for their assistance.\n\n**Phone Keypad**\n\nWe would like to acknowledge Hasan Fahrettin Kaya of Akdeniz University Faculty of Tourism, an anonymous researcher for their assistance.\n\nEntry added November 12, 2020, updated December 15, 2020\n\n**Safari**\n\nWe would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance.\n\nEntry added November 12, 2020\n\n**Safari Reader**\n\nWe would like to acknowledge Zhiyang Zeng (@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Security**\n\nWe would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.\n\nEntry added November 12, 2020\n\n**Status Bar**\n\nWe would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and an anonymous researcher for their assistance.\n\n**Telephony**\n\nWe would like to acknowledge Onur Can B\u0131kmaz, Vodafone Turkey @canbkmaz, Yi\u011fit Can YILMAZ (@yilmazcanyigit), an anonymous researcher for their assistance.\n\nEntry updated November 12, 2020\n\n**UIKit**\n\nWe would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt, and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk Inc for their assistance.\n\n**Web App**\n\nWe would like to acknowledge Augusto Alvarez of Outcourse Limited for their assistance.\n\nEntry added February 25, 2021\n\n**Web App**\n\nWe would like to acknowledge Augusto Alvarez of Outcourse Limited for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab, and Maximilian Blochberger of the Security in Distributed Systems Group of University of Hamburg for their assistance.\n\nEntry added November 12, 2020, updated May 25, 2022 \n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 25, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-16T00:00:00", "type": "apple", "title": "About the security content of iOS 14.0 and iPadOS 14.0", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14899", "CVE-2020-10013", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13520", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-15358", "CVE-2020-27931", "CVE-2020-29629", "CVE-2020-29639", "CVE-2020-36521", "CVE-2020-6147", "CVE-2020-9773", "CVE-2020-9849", "CVE-2020-9876", "CVE-2020-9941", "CVE-2020-9943", "CVE-2020-9944", "CVE-2020-9946", "CVE-2020-9947", "CVE-2020-9949", "CVE-2020-9950", "CVE-2020-9951", "CVE-2020-9952", "CVE-2020-9954", "CVE-2020-9955", "CVE-2020-9956", "CVE-2020-9958", "CVE-2020-9959", "CVE-2020-9960", "CVE-2020-9961", "CVE-2020-9962", "CVE-2020-9963", "CVE-2020-9964", "CVE-2020-9965", "CVE-2020-9966", "CVE-2020-9967", "CVE-2020-9968", "CVE-2020-9969", "CVE-2020-9971", "CVE-2020-9972", "CVE-2020-9973", "CVE-2020-9975", "CVE-2020-9976", "CVE-2020-9977", "CVE-2020-9978", "CVE-2020-9979", "CVE-2020-9981", "CVE-2020-9983", "CVE-2020-9988", "CVE-2020-9989", "CVE-2020-9991", "CVE-2020-9992", "CVE-2020-9993", "CVE-2020-9996", "CVE-2020-9999"], "modified": "2020-09-16T00:00:00", "id": "APPLE:47A6F4E1660238E39625B31A34F6CDF1", "href": "https://support.apple.com/kb/HT211850", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-02T04:45:01", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave\n\nReleased December 14, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27914: Yu Wang of Didi Research America\n\nCVE-2020-27915: Yu Wang of Didi Research America\n\n**AMD**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2020-27936: Yu Wang of Didi Research America\n\nEntry added February 1, 2021\n\n**App Store**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2020-27941: shrek_wzw\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-29621: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or heap corruption\n\nDescription: Multiple integer overflows were addressed with improved input validation.\n\nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreText**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An input validation issue was addressed with improved memory handling.\n\nCVE-2020-10001: Niky &lt;kittymore83@gmail.com&gt; of China Mobile\n\nEntry added February 1, 2021\n\n**FontParser**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-29624: Mateusz Jurczyk of Google Project Zero\n\nEntry updated December 22, 2020\n\n**FontParser**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**Foundation**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**HomeKit**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-27939: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29625: XingWei Lin of Ant Security Light-Year Lab\n\nEntry added December 22, 2020, updated February 1, 2021\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29615: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero\n\nEntry updated December 17, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-27921: Linus Henze (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab\n\n**Kernel**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27920: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27926: found by OSS-Fuzz\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Logging**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Login Window**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: An attacker in a privileged network position may be able to bypass authentication policy\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2020-29633: Jewel Lambert of Original Spin, LLC.\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted file may lead to heap corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-29614: ZhiWei Sun(@5n1p3r0010) from Topsec Alpha Lab\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-13520: Aleksandar Nikolic of Cisco Talos\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9972: Aleksandar Nikolic of Cisco Talos\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**NSRemoteView**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-27901: Thijs Alkemade of Computest Research Division\n\n**Power Management**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan\n\nEntry added February 1, 2021\n\n**Power Management**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative\n\n**Quick Look**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted document may lead to a cross site scripting attack\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)\n\n**Ruby**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-27896: an anonymous researcher\n\n**System Preferences**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10009: Thijs Alkemade of Computest Research Division\n\n**WebKit Storage**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A user may be unable to fully delete browsing history\n\nDescription: \"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion.\n\nCVE-2020-29623: Simon Hunt of OvalTwo LTD\n\nEntry added February 1, 2021\n\n**WebRTC**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-15969: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An attacker may be able to bypass Managed Frame Protection\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2020-27898: Stephan Marais of University of Johannesburg\n", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-01T06:39:19", "title": "About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27926", "CVE-2020-27943", "CVE-2020-29612", "CVE-2020-27931", "CVE-2020-9974", "CVE-2020-27898", "CVE-2020-29620", "CVE-2020-15969", "CVE-2020-29617", "CVE-2020-27923", "CVE-2020-29614", "CVE-2020-27944", "CVE-2020-9967", "CVE-2020-13520", "CVE-2020-29616", "CVE-2020-27949", "CVE-2020-10004", "CVE-2020-27896", "CVE-2020-27903", "CVE-2020-27912", "CVE-2020-29615", "CVE-2020-27941", "CVE-2020-27897", "CVE-2020-27901", "CVE-2020-10010", "CVE-2020-10009", "CVE-2020-27919", "CVE-2020-29633", "CVE-2020-10007", "CVE-2020-10015", "CVE-2020-10001", "CVE-2020-29619", "CVE-2020-10012", "CVE-2020-27906", "CVE-2020-9962", "CVE-2020-9943", "CVE-2020-27924", "CVE-2020-9978", "CVE-2020-27939", "CVE-2020-27907", "CVE-2020-27936", "CVE-2020-27915", "CVE-2020-10002", "CVE-2020-27938", "CVE-2020-9956", "CVE-2020-29611", "CVE-2020-27908", "CVE-2020-27921", "CVE-2020-29623", "CVE-2020-9960", "CVE-2020-10016", "CVE-2020-29621", "CVE-2020-29608", "CVE-2020-9944", "CVE-2020-29625", "CVE-2020-27952", "CVE-2020-27947", "CVE-2020-27920", "CVE-2020-27911", "CVE-2020-13524", "CVE-2020-9972", "CVE-2020-10014", "CVE-2020-27910", "CVE-2020-9975", "CVE-2020-10017", "CVE-2020-27914", "CVE-2020-29624", "CVE-2020-27946", "CVE-2020-29618", "CVE-2020-27916", "CVE-2020-27948", "CVE-2020-27922"], "modified": "2021-02-01T06:39:19", "id": "APPLE:HT212011", "href": "https://support.apple.com/kb/HT212011", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T14:49:06", "description": "# About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave\n\nThis document describes the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave\n\nReleased December 14, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27914: Yu Wang of Didi Research America\n\nCVE-2020-27915: Yu Wang of Didi Research America\n\n**AMD**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2020-27936: Yu Wang of Didi Research America\n\nEntry added February 1, 2021\n\n**App Store**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2020-27941: shrek_wzw\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-29621: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Audio**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted audio file may disclose restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29610: Anonymous working with Trend Micro Zero Day Initiative\n\nEntry added March 16, 2021\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or heap corruption\n\nDescription: Multiple integer overflows were addressed with improved input validation.\n\nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27908: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreText**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An input validation issue was addressed with improved memory handling.\n\nCVE-2020-10001: Niky &lt;kittymore83@gmail.com&gt; of China Mobile\n\nEntry added February 1, 2021\n\n**FontParser**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-29624: Mateusz Jurczyk of Google Project Zero\n\nEntry updated December 22, 2020\n\n**FontParser**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**Foundation**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative, Liu Long of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**HomeKit**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-27939: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29625: XingWei Lin of Ant Security Light-Year Lab\n\nEntry added December 22, 2020, updated February 1, 2021\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29615: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero\n\nEntry updated December 17, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative, Liu Long of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-27921: Linus Henze (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab\n\n**Kernel**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27920: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27926: found by OSS-Fuzz\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Logging**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Login Window**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: An attacker in a privileged network position may be able to bypass authentication policy\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2020-29633: Jewel Lambert of Original Spin, LLC.\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted file may lead to heap corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-29614: ZhiWei Sun(@5n1p3r0010) of Topsec Alpha Lab\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-13520: Aleksandar Nikolic of Cisco Talos\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9972: Aleksandar Nikolic of Cisco Talos\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**NSRemoteView**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-27901: Thijs Alkemade of Computest Research Division\n\n**Power Management**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan\n\nEntry added February 1, 2021\n\n**Power Management**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative\n\n**Quick Look**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted document may lead to a cross site scripting attack\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)\n\n**Ruby**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-27896: an anonymous researcher\n\n**System Preferences**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10009: Thijs Alkemade of Computest Research Division\n\n**WebKit Storage**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A user may be unable to fully delete browsing history\n\nDescription: \"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion.\n\nCVE-2020-29623: Simon Hunt of OvalTwo LTD\n\nEntry added February 1, 2021\n\n**WebRTC**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-15969: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An attacker may be able to bypass Managed Frame Protection\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2020-27898: Stephan Marais of University of Johannesburg\n\n\n\n## Additional recognition\n\n**CoreAudio**\n\nWe would like to acknowledge JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab for their assistance.\n\nEntry added March 16, 2021\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-14T00:00:00", "type": "apple", "title": "About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10001", "CVE-2020-10002", "CVE-2020-10004", "CVE-2020-10007", "CVE-2020-10009", "CVE-2020-10010", "CVE-2020-10012", "CVE-2020-10014", "CVE-2020-10015", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-13520", "CVE-2020-13524", "CVE-2020-15969", "CVE-2020-27896", "CVE-2020-27897", "CVE-2020-27898", "CVE-2020-27901", "CVE-2020-27903", "CVE-2020-27906", "CVE-2020-27907", "CVE-2020-27908", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27914", "CVE-2020-27915", "CVE-2020-27916", "CVE-2020-27919", "CVE-2020-27920", "CVE-2020-27921", "CVE-2020-27922", "CVE-2020-27923", "CVE-2020-27924", "CVE-2020-27926", "CVE-2020-27931", "CVE-2020-27936", "CVE-2020-27938", "CVE-2020-27939", "CVE-2020-27941", "CVE-2020-27943", "CVE-2020-27944", "CVE-2020-27946", "CVE-2020-27947", "CVE-2020-27948", "CVE-2020-27949", "CVE-2020-27952", "CVE-2020-29608", "CVE-2020-29610", "CVE-2020-29611", "CVE-2020-29612", "CVE-2020-29614", "CVE-2020-29615", "CVE-2020-29616", "CVE-2020-29617", "CVE-2020-29618", "CVE-2020-29619", "CVE-2020-29620", "CVE-2020-29621", "CVE-2020-29623", "CVE-2020-29624", "CVE-2020-29625", "CVE-2020-29633", "CVE-2020-9943", "CVE-2020-9944", "CVE-2020-9956", "CVE-2020-9960", "CVE-2020-9962", "CVE-2020-9967", "CVE-2020-9972", "CVE-2020-9974", "CVE-2020-9975", "CVE-2020-9978"], "modified": "2020-12-14T00:00:00", "id": "APPLE:69486846F4E103257D8EDC36AB4251D2", "href": "https://support.apple.com/kb/HT212011", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:51", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 14.0 and iPadOS 14.0\n\nReleased September 16, 2020\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9958: Mohamed Ghannam (@_simo36)\n\n**Assets**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An attacker may be able to misuse a trust relationship to download malicious content\n\nDescription: A trust issue was addressed by removing a legacy API.\n\nCVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup\n\nEntry updated November 12, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**Icons**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to identify what other applications a user has installed\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9773: Chilik Tamir of Zimperium zLabs\n\n**IDE Device Support**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network\n\nDescription: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7.\n\nCVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium zLabs\n\nEntry updated September 17, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**IOSurfaceAccelerator**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\nEntry added November 12, 2020\n\n**Keyboard**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9988: William Breuer of the Netherlands\n\nCVE-2020-9989: von Brunn Media\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-13520: Aleksandar Nikolic of Cisco Talos\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-6147: Aleksandar Nikolic of Cisco Talos\n\nCVE-2020-9972: Aleksandar Nikolic of Cisco Talos\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9973: Aleksandar Nikolic of Cisco Talos\n\n**NetworkExtension**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**Phone**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: The screen lock may not engage after the specified time period\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9946: Daniel Larsson of iolight AB\n\n**Quick Look**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious app may be able to determine the existence of files on the computer\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added November 12, 2020\n\n**Safari**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to determine a user's open tabs in Safari\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2020-9977: Josh Parnham (@joshparnham)\n\nEntry added November 12, 2020\n\n**Safari**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski\n\nEntry added November 12, 2020 \n\n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**Siri**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen\n\nDescription: A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management.\n\nCVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli\u0307h Kerem G\u00fcne\u015f of Li\u0307v College, Sinan Gulguler\n\nEntry updated December 15, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10013: Yu Wang of Didi Research America\n\nEntry added November 12, 2020\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 15, 2020\n\n**App Store**\n\nWe would like to acknowledge Giyas Umarov of Holmdel High School for their assistance.\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\n**CallKit**\n\nWe would like to acknowledge Federico Zanetello for their assistance.\n\n**CarPlay**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**debugserver**\n\nWe would like to acknowledge Linus Henze (pinauten.de) for their assistance.\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**iBoot**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**libarchive**\n\n****We would like to acknowledge Dzmitry Plotnikau and an anonymous researcher for their assistance.\n\n**lldb**\n\nWe would like to acknowledge Linus Henze (pinauten.de) for their assistance.\n\nEntry added November 12, 2020\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Mail**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added November 12, 2020\n\n**Mail Drafts**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added November 12, 2020\n\n**Maps**\n\nWe would like to acknowledge Matthew Dolan of Amazon Alexa for their assistance.\n\n**NetworkExtension**\n\nWe would like to acknowledge Thijs Alkemade of Computest and \u2018Qubo Song\u2019 of \u2018Symantec, a division of Broadcom\u2019 for their assistance.\n\n**Phone Keypad**\n\nWe would like to acknowledge Hasan Fahrettin Kaya of Akdeniz University Faculty of Tourism, an anonymous researcher for their assistance.\n\nEntry added November 12, 2020, updated December 15, 2020\n\n**Safari**\n\nWe would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance.\n\nEntry added November 12, 2020\n\n**Safari Reader**\n\nWe would like to acknowledge Zhiyang Zeng (@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Security**\n\nWe would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.\n\nEntry added November 12, 2020\n\n**Status Bar**\n\nWe would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and an anonymous researcher for their assistance.\n\n**Telephony**\n\nWe would like to acknowledge Onur Can B\u0131kmaz, Vodafone Turkey @canbkmaz, Yi\u011fit Can YILMAZ (@yilmazcanyigit), an anonymous researcher for their assistance.\n\nEntry updated November 12, 2020\n\n**UIKit**\n\nWe would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt, and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk Inc for their assistance.\n\n**Web App**\n\nWe would like to acknowledge Augusto Alvarez of Outcourse Limited for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:43:15", "title": "About the security content of iOS 14.0 and iPadOS 14.0 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9773", "CVE-2020-9954", "CVE-2020-13434", "CVE-2020-9996", "CVE-2020-9991", "CVE-2020-9951", "CVE-2020-9988", "CVE-2020-9968", "CVE-2020-13520", "CVE-2020-10013", "CVE-2020-9965", "CVE-2020-9981", "CVE-2020-9952", "CVE-2020-9950", "CVE-2020-9977", "CVE-2020-9963", "CVE-2020-9983", "CVE-2020-9946", "CVE-2020-9976", "CVE-2020-9961", "CVE-2020-9876", "CVE-2020-6147", "CVE-2020-9958", "CVE-2020-9969", "CVE-2020-9943", "CVE-2020-9979", "CVE-2020-9973", "CVE-2020-9999", "CVE-2020-13631", "CVE-2020-9955", "CVE-2020-9964", "CVE-2020-9989", "CVE-2020-9949", "CVE-2020-9941", "CVE-2020-9849", "CVE-2019-14899", "CVE-2020-13435", "CVE-2020-9992", "CVE-2020-13630", "CVE-2020-9959", "CVE-2020-9947", "CVE-2020-9944", "CVE-2020-9972", "CVE-2020-15358", "CVE-2020-9971", "CVE-2020-9993", "CVE-2020-9966"], "modified": "2020-12-15T05:43:15", "id": "APPLE:HT211850", "href": "https://support.apple.com/kb/HT211850", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:36", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.11 for Windows\n\nReleased November 17, 2020\n\n**Foundation**\n\nAvailable for: Windows 10 and later\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\n**libxml2**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: Windows 10 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: an anonymous researcher\n\n**Windows Security**\n\nAvailable for: Windows 10 and later\n\nImpact: A malicious application may be able to access local users Apple IDs\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2020-27895: Sourav Newatia (linkedin.com/in/sourav-newatia-5b0848a8/)\n", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-17T09:59:50", "title": "About the security content of iTunes 12.11 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27918", "CVE-2020-27912", "CVE-2020-10002", "CVE-2020-27911", "CVE-2020-27917", "CVE-2020-27895"], "modified": "2020-11-17T09:59:50", "id": "APPLE:HT211933", "href": "https://support.apple.com/kb/HT211933", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-06T22:02:49", "description": "# About the security content of iTunes 12.11 for Windows\n\nThis document describes the security content of iTunes 12.11 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.11 for Windows\n\nReleased November 17, 2020\n\n**Foundation**\n\nAvailable for: Windows 10 and later\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**ImageIO**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\n**libxml2**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: Windows 10 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: an anonymous researcher\n\n**Windows Security**\n\nAvailable for: Windows 10 and later\n\nImpact: A malicious application may be able to access local users Apple IDs\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2020-27895: Sourav Newatia (linkedin.com/in/sourav-newatia-5b0848a8/)\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 17, 2020\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-17T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.11 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10002", "CVE-2020-27895", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27917", "CVE-2020-27918"], "modified": "2020-11-17T00:00:00", "id": "APPLE:6DF980035FA5B0EF863730813EC6725A", "href": "https://support.apple.com/kb/HT211933", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:55", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.10.9 for Windows\n\nReleased September 16, 2020\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Mickey Jin &amp; Junzhi Lu of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-13T09:13:16", "title": "About the security content of iTunes 12.10.9 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-9951", "CVE-2020-9981", "CVE-2020-9983", "CVE-2020-9961", "CVE-2020-9876", "CVE-2020-9999", "CVE-2020-13631", "CVE-2020-9849", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-9947"], "modified": "2020-11-13T09:13:16", "id": "APPLE:HT211952", "href": "https://support.apple.com/kb/HT211952", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:35:01", "description": "# About the security content of macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update\n\nThis document describes the security content of macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update\n\nReleased November 5, 2020\n\n**FontParser**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n\n\nmacOS will have the following build number after you install this update: 19H15.\n\nLearn how to [find the macOS version and build number on your Mac](<https://support.apple.com/kb/HT201260>).\n\nLearn how to [update the software on your Mac](<https://support.apple.com/kb/HT201541>).\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 05, 2020\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "apple", "title": "About the security content of macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2020-11-05T00:00:00", "id": "APPLE:567F6B2E8EBD214D591678E8B0D79941", "href": "https://support.apple.com/kb/HT211947", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:05", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 5.3.9\n\nReleased November 5, 2020\n\n**FontParser**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-05T08:16:05", "title": "About the security content of watchOS 5.3.9 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27950", "CVE-2020-27930", "CVE-2020-27932"], "modified": "2020-11-05T08:16:05", "id": "APPLE:HT211945", "href": "https://support.apple.com/kb/HT211945", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:03", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 6.2.9\n\nReleased November 5, 2020\n\n**FontParser**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-05T06:43:55", "title": "About the security content of watchOS 6.2.9 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27950", "CVE-2020-27930", "CVE-2020-27932"], "modified": "2020-11-05T06:43:55", "id": "APPLE:HT211944", "href": "https://support.apple.com/kb/HT211944", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:05", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update\n\nReleased November 5, 2020\n\n**FontParser**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n\n\nmacOS will have the following build number after you install this update: 19H15.\n\nLearn how to [find the macOS version and build number on your Mac](<https://support.apple.com/kb/HT201260>).\n\nLearn how to [update the software on your Mac](<https://support.apple.com/kb/HT201541>).\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-05T06:38:42", "title": "About the security content of macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27950", "CVE-2020-27930", "CVE-2020-27932"], "modified": "2020-11-05T06:38:42", "id": "APPLE:HT211947", "href": "https://support.apple.com/kb/HT211947", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:26", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave\n\nReleased November 12, 2020\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T07:45:57", "title": "About the security content of Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27950", "CVE-2020-27930", "CVE-2020-27932"], "modified": "2020-11-12T07:45:57", "id": "APPLE:HT211946", "href": "https://support.apple.com/kb/HT211946", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T14:49:10", "description": "# About the security content of watchOS 5.3.9\n\nThis document describes the security content of watchOS 5.3.9.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 5.3.9\n\nReleased November 5, 2020\n\n**FontParser**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 05, 2020\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "apple", "title": "About the security content of watchOS 5.3.9", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2020-11-05T00:00:00", "id": "APPLE:93614336BB03BEDDCA6E5681D8831D84", "href": "https://support.apple.com/kb/HT211945", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T22:03:35", "description": "# About the security content of Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave\n\nThis document describes the security content of Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave\n\nReleased November 12, 2020\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 12, 2020\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-12T00:00:00", "type": "apple", "title": "About the security content of Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2020-11-12T00:00:00", "id": "APPLE:4EFA0D2FA6B1CE4BAB5F166BABB28BCC", "href": "https://support.apple.com/kb/HT211946", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T14:49:10", "description": "# About the security content of watchOS 6.2.9\n\nThis document describes the security content of watchOS 6.2.9.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 6.2.9\n\nReleased November 5, 2020\n\n**FontParser**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 05, 2020\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "apple", "title": "About the security content of watchOS 6.2.9", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2020-11-05T00:00:00", "id": "APPLE:01EDA5CA5DA6F306F4C7CED2B3B4E329", "href": "https://support.apple.com/kb/HT211944", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-29T05:59:51", "description": "# About the security content of iTunes 12.10.9 for Windows\n\nThis document describes the security content of iTunes 12.10.9 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.10.9 for Windows\n\nReleased September 16, 2020\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Mickey Jin &amp; Junzhi Lu of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-36521: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added May 25, 2022\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 25, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-16T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.10.9 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-36521", "CVE-2020-9849", "CVE-2020-9876", "CVE-2020-9947", "CVE-2020-9951", "CVE-2020-9961", "CVE-2020-9981", "CVE-2020-9983", "CVE-2020-9999"], "modified": "2020-09-16T00:00:00", "id": "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "href": "https://support.apple.com/kb/HT211952", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:53", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 12.4.9\n\nReleased November 5, 2020\n\n**FaceTime**\n\nAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation)\n\nImpact: A user may send video in Group FaceTime calls without knowing that they have done so\n\nDescription: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.\n\nCVE-2020-27929: James P (@Jam_Penn)\n\n**FontParser**\n\nAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation)\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation)\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-05T06:30:47", "title": "About the security content of iOS 12.4.9 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27950", "CVE-2020-27929", "CVE-2020-27930", "CVE-2020-27932"], "modified": "2020-11-05T06:30:47", "id": "APPLE:HT211940", "href": "https://support.apple.com/kb/HT211940", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-18T22:02:44", "description": "# About the security content of iOS 12.4.9\n\nThis document describes the security content of iOS 12.4.9.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 12.4.9\n\nReleased November 5, 2020\n\n**FaceTime**\n\nAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation)\n\nImpact: A user may send video in Group FaceTime calls without knowing that they have done so\n\nDescription: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.\n\nCVE-2020-27929: James P (@Jam_Penn)\n\n**FontParser**\n\nAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation)\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation)\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 05, 2020\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "apple", "title": "About the security content of iOS 12.4.9", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27929", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2020-11-05T00:00:00", "id": "APPLE:AE8E099C0BC7303FCBA838425C3EC32B", "href": "https://support.apple.com/kb/HT211940", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:50", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 14.0.1\n\nReleased November 12, 2020\n\n**Safari**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: an anonymous researcher\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-13T12:59:59", "title": "About the security content of Safari 14.0.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27918", "CVE-2020-9945"], "modified": "2020-11-13T12:59:59", "id": "APPLE:HT211934", "href": "https://support.apple.com/kb/HT211934", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T22:02:52", "description": "# About the security content of Safari 14.0.1\n\nThis document describes the security content of Safari 14.0.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 14.0.1\n\nReleased November 12, 2020\n\n**Safari**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2020-9945: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: Liu Long of Ant Security Light-Year Lab\n\nEntry updated March 16, 2021\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2021\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-12T00:00:00", "type": "apple", "title": "About the security content of Safari 14.0.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27918", "CVE-2020-9945"], "modified": "2020-11-12T00:00:00", "id": "APPLE:05670E6C3D9F61F84F0D90D38C0910EC", "href": "https://support.apple.com/kb/HT211934", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:26", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 7.21\n\nReleased September 24, 2020\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.7}, "published": "2020-11-12T10:19:34", "title": "About the security content of iCloud for Windows 7.21 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9991", "CVE-2020-9952", "CVE-2020-15358"], "modified": "2020-11-12T10:19:34", "id": "APPLE:HT211847", "href": "https://support.apple.com/kb/HT211847", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-11-02T05:59:19", "description": "# About the security content of iCloud for Windows 7.21\n\nThis document describes the security content of iCloud for Windows 7.21.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 7.21\n\nReleased September 24, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-36521: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added May 25, 2022\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 25, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-24T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.21", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15358", "CVE-2020-36521", "CVE-2020-9952", "CVE-2020-9991"], "modified": "2020-09-24T00:00:00", "id": "APPLE:E9C90A2600A9DE3614B923070AEC31B1", "href": "https://support.apple.com/kb/HT211847", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-24T20:44:08", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 14.0\n\nReleased September 16, 2020\n\n**Safari**\n\nAvailable for: macOS Catalina and macOS Mojave, and included in macOS Big Sur\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski\n\nEntry added November 12, 2020\n\n**Safari**\n\nAvailable for: macOS Catalina and macOS Mojave, and included in macOS Big Sur\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave, and included in macOS Big Sur\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry updated November 12, 2020\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge @PaulosYibelo of Limehats, Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added November 12, 2020\n\n**Safari Reader**\n\nWe would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T10:19:34", "title": "About the security content of Safari 14.0 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9951", "CVE-2020-9952", "CVE-2020-9950", "CVE-2020-9983", "CVE-2020-9948", "CVE-2020-9987", "CVE-2020-9947", "CVE-2020-9993"], "modified": "2020-11-12T10:19:34", "id": "APPLE:HT211845", "href": "https://support.apple.com/kb/HT211845", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T22:02:45", "description": "# About the security content of Safari 14.0\n\nThis document describes the security content of Safari 14.0.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 14.0\n\nReleased September 16, 2020\n\n**Safari**\n\nAvailable for: macOS Catalina and macOS Mojave, and included in macOS Big Sur\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski\n\nEntry added November 12, 2020\n\n**Safari**\n\nAvailable for: macOS Catalina and macOS Mojave, and included in macOS Big Sur\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave, and included in macOS Big Sur\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry updated November 12, 2020\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge @PaulosYibelo of Limehats, Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added November 12, 2020\n\n**Safari Reader**\n\nWe would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 12, 2020\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-16T00:00:00", "type": "apple", "title": "About the security content of Safari 14.0", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9947", "CVE-2020-9948", "CVE-2020-9950", "CVE-2020-9951", "CVE-2020-9952", "CVE-2020-9983", "CVE-2020-9987", "CVE-2020-9993"], "modified": "2020-09-16T00:00:00", "id": "APPLE:B61E4B61B5310615293FA7FAB3B993B7", "href": "https://support.apple.com/kb/HT211845", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-02-10T14:53:29", "description": "The remote host is running a version of macOS / Mac OS X that is 11.0.x prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - An out-of-bounds write issue that can lead to unexpected application termination or arbitrary code execution when opening a maliciously crafted PDF file. (CVE-2020-9876)\n\n - An out-of-bounds write caused by insufficient input validation that can lead to arbitrary code execution when processing a maliciously crafted image. (CVE-2020-9883)\n\n - A remote attacker may be able to unexpectedly alter the Mail application date due to insufficient checks.\n (CVE-2020-9941)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "macOS 11.0.x < 11.0.1", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14899", "CVE-2019-20838", "CVE-2020-10002", "CVE-2020-10003", "CVE-2020-10004", "CVE-2020-10006", "CVE-2020-10007", "CVE-2020-10008", "CVE-2020-10009", "CVE-2020-10010", "CVE-2020-10012", "CVE-2020-10014", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-10663", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13524", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-14155", "CVE-2020-15358", "CVE-2020-27894", "CVE-2020-27896", "CVE-2020-27898", "CVE-2020-27899", "CVE-2020-27900", "CVE-2020-27903", "CVE-2020-27904", "CVE-2020-27906", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27916", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-27927", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950", "CVE-2020-9849", "CVE-2020-9876", "CVE-2020-9883", "CVE-2020-9941", "CVE-2020-9942", "CVE-2020-9943", "CVE-2020-9944", "CVE-2020-9945", "CVE-2020-9949", "CVE-2020-9955", "CVE-2020-9963", "CVE-2020-9965", "CVE-2020-9966", "CVE-2020-9969", "CVE-2020-9971", "CVE-2020-9974", "CVE-2020-9977", "CVE-2020-9988", "CVE-2020-9989", "CVE-2020-9991", "CVE-2020-9996", "CVE-2020-9999"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT211931.NASL", "href": "https://www.tenable.com/plugins/nessus/143115", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143115);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-14899\",\n \"CVE-2019-20838\",\n \"CVE-2020-9849\",\n \"CVE-2020-9876\",\n \"CVE-2020-9883\",\n \"CVE-2020-9941\",\n \"CVE-2020-9942\",\n \"CVE-2020-9943\",\n \"CVE-2020-9944\",\n \"CVE-2020-9945\",\n \"CVE-2020-9949\",\n \"CVE-2020-9955\",\n \"CVE-2020-9963\",\n \"CVE-2020-9965\",\n \"CVE-2020-9966\",\n \"CVE-2020-9969\",\n \"CVE-2020-9971\",\n \"CVE-2020-9974\",\n \"CVE-2020-9977\",\n \"CVE-2020-9988\",\n \"CVE-2020-9989\",\n \"CVE-2020-9991\",\n \"CVE-2020-9996\",\n \"CVE-2020-9999\",\n \"CVE-2020-10002\",\n \"CVE-2020-10003\",\n \"CVE-2020-10004\",\n \"CVE-2020-10006\",\n \"CVE-2020-10007\",\n \"CVE-2020-10008\",\n \"CVE-2020-10009\",\n \"CVE-2020-10010\",\n \"CVE-2020-10012\",\n \"CVE-2020-10014\",\n \"CVE-2020-10016\",\n \"CVE-2020-10017\",\n \"CVE-2020-10663\",\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13524\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-14155\",\n \"CVE-2020-15358\",\n \"CVE-2020-27894\",\n \"CVE-2020-27896\",\n \"CVE-2020-27898\",\n \"CVE-2020-27899\",\n \"CVE-2020-27900\",\n \"CVE-2020-27903\",\n \"CVE-2020-27904\",\n \"CVE-2020-27906\",\n \"CVE-2020-27910\",\n \"CVE-2020-27911\",\n \"CVE-2020-27912\",\n \"CVE-2020-27916\",\n \"CVE-2020-27917\",\n \"CVE-2020-27918\",\n \"CVE-2020-27927\",\n \"CVE-2020-27930\",\n \"CVE-2020-27932\",\n \"CVE-2020-27950\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT211931\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-11-12\");\n script_xref(name:\"IAVA\", value:\"2020-A-0539-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0576-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"macOS 11.0.x < 11.0.1\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 11.0.x prior to 11.0.1. It is, therefore, affected by\nmultiple vulnerabilities, including the following:\n\n - An out-of-bounds write issue that can lead to unexpected application termination or arbitrary code\n execution when opening a maliciously crafted PDF file. (CVE-2020-9876)\n\n - An out-of-bounds write caused by insufficient input validation that can lead to arbitrary code execution\n when processing a maliciously crafted image. (CVE-2020-9883)\n\n - A remote attacker may be able to unexpectedly alter the Mail application date due to insufficient checks.\n (CVE-2020-9941)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211931\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 11.0.1 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9965\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27906\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'min_version' : '11.0', 'fixed_version' : '11.0.1', 'fixed_build': '20B29', 'fixed_display' : 'macOS Big Sur 11.0.1' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:57:56", "description": "According to its banner, the version of Apple TV on the remote device is prior to 14.2. It is, therefore, affected by multiple vulnerabilities as described in the HT211930 advisory:\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.\n (CVE-2020-27905)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution. (CVE-2020-27910)\n\n - An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-27911)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "Apple TV < 14.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10002", "CVE-2020-10003", "CVE-2020-10010", "CVE-2020-10011", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-27899", "CVE-2020-27905", "CVE-2020-27909", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27916", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-27927", "CVE-2020-27935", "CVE-2020-9974"], "modified": "2021-02-08T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_14_2.NASL", "href": "https://www.tenable.com/plugins/nessus/146215", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146215);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2020-9974\",\n \"CVE-2020-10002\",\n \"CVE-2020-10003\",\n \"CVE-2020-10010\",\n \"CVE-2020-10011\",\n \"CVE-2020-10016\",\n \"CVE-2020-10017\",\n \"CVE-2020-27899\",\n \"CVE-2020-27905\",\n \"CVE-2020-27909\",\n \"CVE-2020-27910\",\n \"CVE-2020-27911\",\n \"CVE-2020-27912\",\n \"CVE-2020-27916\",\n \"CVE-2020-27917\",\n \"CVE-2020-27918\",\n \"CVE-2020-27927\",\n \"CVE-2020-27935\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT211930\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-11-05-7\");\n\n script_name(english:\"Apple TV < 14.2 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device is prior to 14.2. It is, therefore, affected by\nmultiple vulnerabilities as described in the HT211930 advisory:\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS\n 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.\n (CVE-2020-27905)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1,\n iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary\n code execution. (CVE-2020-27910)\n\n - An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1,\n watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote\n attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-27911)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211930\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 14.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27905\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude('appletv_func.inc');\n\nurl = get_kb_item_or_exit('AppleTV/URL', msg:'Cannot determine Apple TV URL.');\n\nport = get_kb_item_or_exit('AppleTV/Port', msg:'Cannot determine Apple TV port.');\n\nbuild = get_kb_item_or_exit('AppleTV/Version', msg:'Cannot determine Apple TV version.');\n\nmodel = get_kb_item_or_exit('AppleTV/Model', msg:'Cannot determine Apple TV model.');\n\nfixed_build = '18K57';\ntvos_ver = '14.2';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : make_list(4, 5),\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-15T14:53:19", "description": "The version of Apple iOS running on the mobile device is prior to 14.2. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "nessus", "title": "Apple iOS < 14.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10002", "CVE-2020-10003", "CVE-2020-10004", "CVE-2020-10010", "CVE-2020-10011", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-13524", "CVE-2020-27902", "CVE-2020-27905", "CVE-2020-27909", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27916", "CVE-2020-27917", "CVE-2020-27918", "CVE-2020-27925", "CVE-2020-27926", "CVE-2020-27927", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950", "CVE-2020-9974"], "modified": "2023-02-13T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_142_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/142881", "sourceData": "Binary data apple_ios_142_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:15", "description": "The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2020-007 Mojave, 10.15.x prior to 10.15.7 Security Update 2020-001 Catalina, or 11.x prior to 11.1. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - Processing a maliciously crafted audio file may lead to arbitrary code execution. (CVE-2020-9960, CVE-2020-10017, CVE-2020-27908, CVE-2020-27910, CVE-2020-27916, CVE-2020-27948)\n\n - Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-9962, CVE-2020-27912, CVE-2020-27919, CVE-2020-27923, CVE-2020-27924, CVE-2020-29611, CVE-2020-29616, CVE-2020-29618)\n\n - Processing a maliciously crafted font file may lead to arbitrary code execution. (CVE-2020-9956, CVE-2020-27922, CVE-2020-27931, CVE-2020-27943, CVE-2020-27944, CVE-2020-27952)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "macOS 10.14.x < 10.14.6 Security Update 2020-007 / 10.15.x < 10.15.7 Security Update 2020-001 / macOS 11.x < 11.1 (HT212011)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10002", "CVE-2020-10004", "CVE-2020-10007", "CVE-2020-10009", "CVE-2020-10010", "CVE-2020-10012", "CVE-2020-10014", "CVE-2020-10015", "CVE-2020-10016", "CVE-2020-10017", "CVE-2020-13524", "CVE-2020-15969", "CVE-2020-27896", "CVE-2020-27897", "CVE-2020-27898", "CVE-2020-27901", "CVE-2020-27903", "CVE-2020-27906", "CVE-2020-27907", "CVE-2020-27908", "CVE-2020-27910", "CVE-2020-27911", "CVE-2020-27912", "CVE-2020-27914", "CVE-2020-27915", "CVE-2020-27916", "CVE-2020-27919", "CVE-2020-27920", "CVE-2020-27921", "CVE-2020-27922", "CVE-2020-27923", "CVE-2020-27924", "CVE-2020-27926", "CVE-2020-27931", "CVE-2020-27941", "CVE-2020-27943", "CVE-2020-27944", "CVE-2020-27946", "CVE-2020-27947", "CVE-2020-27948", "CVE-2020-27949", "CVE-2020-27952", "CVE-2020-29611", "CVE-2020-29612", "CVE-2020-29616", "CVE-2020-29617", "CVE-2020-29618", "CVE-2020-29619", "CVE-2020-29620", "CVE-2020-29621", "CVE-2020-9943", "CVE-2020-9944", "CVE-2020-9956", "CVE-2020-9960", "CVE-2020-9962", "CVE-2020-9967", "CVE-2020-9974", "CVE-2020-9975", "CVE-2020-9978"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT212011.NASL", "href": "https://www.tenable.com/plugins/nessus/144453", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144453);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-9943\",\n \"CVE-2020-9944\",\n \"CVE-2020-9956\",\n \"CVE-2020-9960\",\n \"CVE-2020-9962\",\n \"CVE-2020-9967\",\n \"CVE-2020-9974\",\n \"CVE-2020-9975\",\n \"CVE-2020-9978\",\n \"CVE-2020-10002\",\n \"CVE-2020-10004\",\n \"CVE-2020-10007\",\n \"CVE-2020-10009\",\n \"CVE-2020-10010\",\n \"CVE-2020-10012\",\n \"CVE-2020-10014\",\n \"CVE-2020-10015\",\n \"CVE-2020-10016\",\n \"CVE-2020-10017\",\n \"CVE-2020-13524\",\n \"CVE-2020-15969\",\n \"CVE-2020-27896\",\n \"CVE-2020-27897\",\n \"CVE-2020-27898\",\n \"CVE-2020-27901\",\n \"CVE-2020-27903\",\n \"CVE-2020-27906\",\n \"CVE-2020-27907\",\n \"CVE-2020-27908\",\n \"CVE-2020-27910\",\n \"CVE-2020-27911\",\n \"CVE-2020-27912\",\n \"CVE-2020-27914\",\n \"CVE-2020-27915\",\n \"CVE-2020-27916\",\n \"CVE-2020-27919\",\n \"CVE-2020-27920\",\n \"CVE-2020-27921\",\n \"CVE-2020-27922\",\n \"CVE-2020-27923\",\n \"CVE-2020-27924\",\n \"CVE-2020-27926\",\n \"CVE-2020-27931\",\n \"CVE-2020-27941\",\n \"CVE-2020-27943\",\n \"CVE-2020-27944\",\n \"CVE-2020-27946\",\n \"CVE-2020-27947\",\n \"CVE-2020-27948\",\n \"CVE-2020-27949\",\n \"CVE-2020-27952\",\n \"CVE-2020-29611\",\n \"CVE-2020-29612\",\n \"CVE-2020-29616\",\n \"CVE-2020-29617\",\n \"CVE-2020-29618\",\n \"CVE-2020-29619\",\n \"CVE-2020-29620\",\n \"CVE-2020-29621\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT212011\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-12-14\");\n script_xref(name:\"IAVA\", value:\"2020-A-0576-S\");\n\n script_name(english:\"macOS 10.14.x < 10.14.6 Security Update 2020-007 / 10.15.x < 10.15.7 Security Update 2020-001 / macOS 11.x < 11.1 (HT212011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2020-007\nMojave, 10.15.x prior to 10.15.7 Security Update 2020-001 Catalina, or 11.x prior to 11.1. It is, therefore, affected by\nmultiple vulnerabilities, including the following:\n\n - Processing a maliciously crafted audio file may lead to arbitrary code execution. (CVE-2020-9960,\n CVE-2020-10017, CVE-2020-27908, CVE-2020-27910, CVE-2020-27916, CVE-2020-27948)\n\n - Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-9962,\n CVE-2020-27912, CVE-2020-27919, CVE-2020-27923, CVE-2020-27924, CVE-2020-29611, CVE-2020-29616,\n CVE-2020-29618)\n\n - Processing a maliciously crafted font file may lead to arbitrary code execution. (CVE-2020-9956,\n CVE-2020-27922, CVE-2020-27931, CVE-2020-27943, CVE-2020-27944, CVE-2020-27952)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT212011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.14.6 Security Update 2020-007 / 10.15.7 Security Update 2020-001 / macOS 11.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9975\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build': '18G7016', 'fixed_display' : '10.14.6 Security Update 2020-007 Mojave' },\n { 'max_version' : '10.15.7', 'min_version' : '10.15', 'fixed_build': '19H114', 'fixed_display' : '10.15.7 Security Update 2020-001 Catalina' },\n { 'min_version' : '11.0', 'fixed_version' : '11.1', 'fixed_display' : 'macOS Big Sur 11.1' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:23", "description": "The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-006 High Sierra, or 10.14.x prior to 10.14.6 Security Update 2020-006 Mojave. It is, therefore, affected by multiple vulnerabilities :\n\n - Processing a maliciously crafted font may lead to arbitrary code execution. (CVE-2020-27930)\n\n - A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2020-27932)\n\n - A malicious application may be able to disclose kernel memory. (CVE-2020-27950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-04T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.6 Security Update 2020-006 / 10.14.x < 10.14.6 Security Update 2020-006 (HT211946)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2022-01-21T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT211946.NASL", "href": "https://www.tenable.com/plugins/nessus/143478", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143478);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\"CVE-2020-27930\", \"CVE-2020-27932\", \"CVE-2020-27950\");\n script_xref(name:\"APPLE-SA\", value:\"HT211946\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-11-04\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"macOS 10.13.x < 10.13.6 Security Update 2020-006 / 10.14.x < 10.14.6 Security Update 2020-006 (HT211946)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-006 High\nSierra, or 10.14.x prior to 10.14.6 Security Update 2020-006 Mojave. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Processing a maliciously crafted font may lead to arbitrary code execution. (CVE-2020-27930)\n\n - A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2020-27932)\n\n - A malicious application may be able to disclose kernel memory. (CVE-2020-27950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.13.6 Security Update 2020-006 / 10.14.6 Security Update 2020-006 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27932\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.13.6', 'min_version' : '10.13', 'fixed_build': '17G14042', 'fixed_display' : '10.13.6 Security Update 2020-006' },\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build': '18G6042', 'fixed_display' : '10.14.6 Security Update 2020-006' }\n];\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:40:43", "description": "According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.(CVE-2020-15358)\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435)\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.(CVE-2020-13434)\n\n - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.(CVE-2020-13632)\n\n - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.(CVE-2020-13630)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1827)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13632", "CVE-2020-15358"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sqlite", "p-cpe:/a:huawei:euleros:sqlite-devel", "p-cpe:/a:huawei:euleros:sqlite-doc", "p-cpe:/a:huawei:euleros:sqlite-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1827.NASL", "href": "https://www.tenable.com/plugins/nessus/139157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139157);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13632\",\n \"CVE-2020-15358\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1827)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sqlite packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In SQLite before 3.32.3, select.c mishandles\n query-flattener optimization, leading to a\n multiSelectOrderBy heap overflow because of misuse of\n transitive properties for constant\n propagation.(CVE-2020-15358)\n\n - SQLite through 3.32.0 has a segmentation fault in\n sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435)\n\n - SQLite through 3.32.0 has an integer overflow in\n sqlite3_str_vappendf in printf.c.(CVE-2020-13434)\n\n - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a\n NULL pointer dereference via a crafted matchinfo()\n query.(CVE-2020-13632)\n\n - ext/fts3/fts3.c in SQLite before 3.32.0 has a\n use-after-free in fts3EvalNextRow, related to the\n snippet feature.(CVE-2020-13630)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1827\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e68d125d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sqlite packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"sqlite-3.24.0-2.h17.eulerosv2r8\",\n \"sqlite-devel-3.24.0-2.h17.eulerosv2r8\",\n \"sqlite-doc-3.24.0-2.h17.eulerosv2r8\",\n \"sqlite-libs-3.24.0-2.h17.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:39:16", "description": "An update of the sqlite package has been released.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-06T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Sqlite PHSA-2020-2.0-0249", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:sqlite", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0249_SQLITE.NASL", "href": "https://www.tenable.com/plugins/nessus/137193", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0249. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137193);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"Photon OS 2.0: Sqlite PHSA-2020-2.0-0249\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the sqlite package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-249.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-3.32.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-devel-3.32.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"sqlite-libs-3.32.1-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:39:15", "description": "An update of the sqlite package has been released.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-06T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Sqlite PHSA-2020-3.0-0101", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:sqlite", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0101_SQLITE.NASL", "href": "https://www.tenable.com/plugins/nessus/137188", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0101. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137188);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"Photon OS 3.0: Sqlite PHSA-2020-3.0-0101\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the sqlite package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-101.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"sqlite-3.32.1-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"sqlite-devel-3.32.1-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"sqlite-libs-3.32.1-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:39:16", "description": "Rebase to version 3.32.1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-04T00:00:00", "type": "nessus", "title": "Fedora 32 : sqlite (2020-0477f8840e)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sqlite", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-0477F8840E.NASL", "href": "https://www.tenable.com/plugins/nessus/137102", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-0477f8840e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137102);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\"\n );\n script_xref(name:\"FEDORA\", value:\"2020-0477f8840e\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"Fedora 32 : sqlite (2020-0477f8840e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Rebase to version 3.32.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-0477f8840e\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected sqlite package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"sqlite-3.32.1-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:35:08", "description": "An update of the sqlite package has been released.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Sqlite PHSA-2020-1.0-0298", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:sqlite", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0298_SQLITE.NASL", "href": "https://www.tenable.com/plugins/nessus/137322", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0298. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137322);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"Photon OS 1.0: Sqlite PHSA-2020-1.0-0298\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the sqlite package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-298.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"sqlite-autoconf-3.32.1-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-09T15:11:34", "description": "The version of Apple iOS running on the mobile device is prior to 12.4.9. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so. (CVE-2020-27929)\n\n - A memory corruption issue was addressed with improved input validation. Processing a maliciously crafted font may lead to arbitrary code execution. (CVE-2020-27930)\n\n - A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2020-27932)\n\n - A memory initialization issue was addressed. A malicious application may be able to disclose kernel memory. (CVE-2020-27950)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "Apple iOS < 12.4.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27929", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2023-03-08T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1249_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/145550", "sourceData": "Binary data apple_ios_1249_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:39:17", "description": "sqlite3 update :\n\nVarious security issues could be used by an attacker to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\n- CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n\n- CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n\n- CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n\n- CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.\n\n- CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.\n\n- CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "FreeBSD : several security issues in sqlite3 (c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11655", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:sqlite3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C4AC9C79AB3711EA8B5EB42E99A1B9C3.NASL", "href": "https://www.tenable.com/plugins/nessus/137439", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137439);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2020-11655\",\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\"\n );\n script_xref(name:\"FreeBSD\", value:\"SA-20:22.sqlite\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"FreeBSD : several security issues in sqlite3 (c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"sqlite3 update :\n\nVarious security issues could be used by an attacker to cause SQLite\nto crash, resulting in a denial of service, or possibly execute\narbitrary code.\n\n- CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a\ndenial of service (segmentation fault) via a malformed window-function\nquery because the AggInfo object's initialization is mishandled.\n\n- CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in\nsqlite3_str_vappendf in printf.c.\n\n- CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in\nsqlite3ExprCodeTarget in expr.c.\n\n- CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a\nuse-after-free in fts3EvalNextRow, related to the snippet feature.\n\n- CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be\nrenamed to the name of one of its shadow tables, related to alter.c\nand build.c.\n\n- CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has\na NULL pointer dereference via a crafted matchinfo() query.\"\n );\n # https://vuxml.freebsd.org/freebsd/c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7d5c63b\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"sqlite3<3.32.2,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:54:39", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4373 advisory.\n\n - pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1 (CVE-2019-20838)\n\n - pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : pcre (RHSA-2021:4373)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20838", "CVE-2020-14155"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:pcre", "p-cpe:/a:redhat:enterprise_linux:pcre-cpp", "p-cpe:/a:redhat:enterprise_linux:pcre-devel", "p-cpe:/a:redhat:enterprise_linux:pcre-static", "p-cpe:/a:redhat:enterprise_linux:pcre-utf16", "p-cpe:/a:redhat:enterprise_linux:pcre-utf32"], "id": "REDHAT-RHSA-2021-4373.NASL", "href": "https://www.tenable.com/plugins/nessus/155093", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4373. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155093);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-20838\", \"CVE-2020-14155\");\n script_xref(name:\"RHSA\", value:\"2021:4373\");\n script_xref(name:\"IAVA\", value:\"2021-A-0058\");\n\n script_name(english:\"RHEL 8 : pcre (RHSA-2021:4373)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4373 advisory.\n\n - pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1\n (CVE-2019-20838)\n\n - pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848444\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14155\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-20838\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(125, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcre-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcre-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcre-utf16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcre-utf32\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pcre-8.42-6.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-cpp-8.42-6.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-devel-8.42-6.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-static-8.42-6.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-utf16-8.42-6.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-utf32-8.42-6.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pcre-8.42-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-cpp-8.42-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-devel-8.42-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-static-8.42-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-utf16-8.42-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-utf32-8.42-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcre / pcre-cpp / pcre-devel / pcre-static / pcre-utf16 / pcre-utf32');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:53:45", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4373 advisory.\n\n - pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1 (CVE-2019-20838)\n\n - pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : pcre (CESA-2021:4373)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20838", "CVE-2020-14155"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:pcre", "p-cpe:/a:centos:centos:pcre-cpp", "p-cpe:/a:centos:centos:pcre-devel", "p-cpe:/a:centos:centos:pcre-static", "p-cpe:/a:centos:centos:pcre-utf16", "p-cpe:/a:centos:centos:pcre-utf32"], "id": "CENTOS8_RHSA-2021-4373.NASL", "href": "https://www.tenable.com/plugins/nessus/155050", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4373. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155050);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2019-20838\", \"CVE-2020-14155\");\n script_xref(name:\"RHSA\", value:\"2021:4373\");\n script_xref(name:\"IAVA\", value:\"2021-A-0058\");\n\n script_name(english:\"CentOS 8 : pcre (CESA-2021:4373)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4373 advisory.\n\n - pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1\n (CVE-2019-20838)\n\n - pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4373\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14155\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-20838\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcre-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcre-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcre-utf16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcre-utf32\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'pcre-8.42-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-8.42-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-cpp-8.42-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-cpp-8.42-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-devel-8.42-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-devel-8.42-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-static-8.42-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-static-8.42-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-utf16-8.42-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-utf16-8.42-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-utf32-8.42-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcre-utf32-8.42-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcre / pcre-cpp / pcre-devel / pcre-static / pcre-utf16 / pcre-utf32');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:38:44", "description": "An update of the pcre package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-07T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Pcre PHSA-2020-3.0-0108", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20838", "CVE-2020-14155"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:pcre", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0108_PCRE.NASL", "href": "https://www.tenable.com/plugins/nessus/138182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0108. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138182);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2019-20838\", \"CVE-2020-14155\");\n\n script_name(english:\"Photon OS 3.0: Pcre PHSA-2020-3.0-0108\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the pcre package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-108.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14155\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-20838\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"pcre-8.44-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"pcre-devel-8.44-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"pcre-libs-8.44-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-01T14:25:28", "description": "The remote host is affected by the vulnerability described in GLSA-202007-26 (SQLite: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "GLSA-202007-26 : SQLite: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20218", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-13871", "CVE-2020-15358"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:sqlite", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202007-26.NASL", "href": "https://www.tenable.com/plugins/nessus/138949", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202007-26.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138949);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-20218\", \"CVE-2020-11655\", \"CVE-2020-11656\", \"CVE-2020-13434\", \"CVE-2020-13435\", \"CVE-2020-13630\", \"CVE-2020-13631\", \"CVE-2020-13632\", \"CVE-2020-13871\", \"CVE-2020-15358\");\n script_xref(name:\"GLSA\", value:\"202007-26\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"GLSA-202007-26 : SQLite: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-26\n(SQLite: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in SQLite. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202007-26\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All SQLite users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/sqlite-3.32.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11656\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/sqlite\", unaffected:make_list(\"ge 3.32.3\"), vulnerable:make_list(\"lt 3.32.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SQLite\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:42:35", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1581 advisory.\n\n - sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)\n\n - sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c (CVE-2020-15358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "CentOS 8 : sqlite (CESA-2021:1581)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-15358"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:lemon", "p-cpe:/a:centos:centos:sqlite", "p-cpe:/a:centos:centos:sqlite-devel", "p-cpe:/a:centos:centos:sqlite-doc", "p-cpe:/a:centos:centos:sqlite-libs"], "id": "CENTOS8_RHSA-2021-1581.NASL", "href": "https://www.tenable.com/plugins/nessus/149732", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1581. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149732);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\"CVE-2020-13434\", \"CVE-2020-15358\");\n script_xref(name:\"RHSA\", value:\"2021:1581\");\n\n script_name(english:\"CentOS 8 : sqlite (CESA-2021:1581)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1581 advisory.\n\n - sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)\n\n - sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener\n optimization in select.c (CVE-2020-15358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15358\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'lemon-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lemon-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-devel / sqlite-doc / sqlite-libs');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:41:37", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1581 advisory.\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : sqlite (ELSA-2021-1581)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-15358"], "modified": "2021-05-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:lemon", "p-cpe:/a:oracle:linux:sqlite", "p-cpe:/a:oracle:linux:sqlite-devel", "p-cpe:/a:oracle:linux:sqlite-doc", "p-cpe:/a:oracle:linux:sqlite-libs"], "id": "ORACLELINUX_ELSA-2021-1581.NASL", "href": "https://www.tenable.com/plugins/nessus/149928", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1581.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149928);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/26\");\n\n script_cve_id(\"CVE-2020-13434\", \"CVE-2020-15358\");\n\n script_name(english:\"Oracle Linux 8 : sqlite (ELSA-2021-1581)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1581 advisory.\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy\n heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1581.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15358\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'lemon-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lemon-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-devel / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:39:10", "description": "According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.(CVE-2020-13434)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.(CVE-2020-15358)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1908)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-15358"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sqlite", "p-cpe:/a:huawei:euleros:sqlite-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1908.NASL", "href": "https://www.tenable.com/plugins/nessus/140011", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140011);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2020-13434\", \"CVE-2020-15358\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1908)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sqlite packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - SQLite through 3.32.0 has an integer overflow in\n sqlite3_str_vappendf in printf.c.(CVE-2020-13434)\n\n - In SQLite before 3.32.3, select.c mishandles\n query-flattener optimization, leading to a\n multiSelectOrderBy heap overflow because of misuse of\n transitive properties for constant\n propagation.(CVE-2020-15358)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1908\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f30c71e1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sqlite packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"sqlite-3.24.0-2.h17.eulerosv2r8\",\n \"sqlite-libs-3.24.0-2.h17.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:41:55", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1581 advisory.\n\n - sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)\n\n - sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c (CVE-2020-15358)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : sqlite (RHSA-2021:1581)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-15358"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:lemon", "p-cpe:/a:redhat:enterprise_linux:sqlite", "p-cpe:/a:redhat:enterprise_linux:sqlite-devel", "p-cpe:/a:redhat:enterprise_linux:sqlite-doc", "p-cpe:/a:redhat:enterprise_linux:sqlite-libs"], "id": "REDHAT-RHSA-2021-1581.NASL", "href": "https://www.tenable.com/plugins/nessus/149677", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1581. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149677);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-13434\", \"CVE-2020-15358\");\n script_xref(name:\"RHSA\", value:\"2021:1581\");\n\n script_name(english:\"RHEL 8 : sqlite (RHSA-2021:1581)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1581 advisory.\n\n - sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)\n\n - sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener\n optimization in select.c (CVE-2020-15358)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1851957\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15358\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-libs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'lemon-3.26.0-13.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-13.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'lemon-3.26.0-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'lemon-3.26.0-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-devel / sqlite-doc / sqlite-libs');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T00:31:05", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has sqlite packages installed that are affected by multiple vulnerabilities:\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : sqlite Multiple Vulnerabilities (NS-SA-2022-0052)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-15358"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:lemon", "p-cpe:/a:zte:cgsl_main:lemon-debuginfo", "p-cpe:/a:zte:cgsl_main:sqlite", "p-cpe:/a:zte:cgsl_main:sqlite-analyzer", "p-cpe:/a:zte:cgsl_main:sqlite-analyzer-debuginfo", "p-cpe:/a:zte:cgsl_main:sqlite-debuginfo", "p-cpe:/a:zte:cgsl_main:sqlite-debugsource", "p-cpe:/a:zte:cgsl_main:sqlite-devel", "p-cpe:/a:zte:cgsl_main:sqlite-doc", "p-cpe:/a:zte:cgsl_main:sqlite-libs", "p-cpe:/a:zte:cgsl_main:sqlite-libs-debuginfo", "p-cpe:/a:zte:cgsl_main:sqlite-tcl", "p-cpe:/a:zte:cgsl_main:sqlite-tcl-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0052_SQLITE.NASL", "href": "https://www.tenable.com/plugins/nessus/160749", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0052. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160749);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-13434\", \"CVE-2020-15358\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : sqlite Multiple Vulnerabilities (NS-SA-2022-0052)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has sqlite packages installed that are affected by multiple\nvulnerabilities:\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy\n heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0052\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-13434\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-15358\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL sqlite packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15358\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-analyzer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-analyzer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sqlite-tcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'lemon-3.26.0-13.el8',\n 'lemon-debuginfo-3.26.0-13.el8',\n 'sqlite-3.26.0-13.el8',\n 'sqlite-analyzer-3.26.0-13.el8',\n 'sqlite-analyzer-debuginfo-3.26.0-13.el8',\n 'sqlite-debuginfo-3.26.0-13.el8',\n 'sqlite-debugsource-3.26.0-13.el8',\n 'sqlite-devel-3.26.0-13.el8',\n 'sqlite-doc-3.26.0-13.el8',\n 'sqlite-libs-3.26.0-13.el8',\n 'sqlite-libs-debuginfo-3.26.0-13.el8',\n 'sqlite-tcl-3.26.0-13.el8',\n 'sqlite-tcl-debuginfo-3.26.0-13.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'sqlite');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T04:39:37", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1581 advisory.\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : sqlite (ALSA-2021:1581)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-15358"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:sqlite", "p-cpe:/a:alma:linux:sqlite-devel", "p-cpe:/a:alma:linux:sqlite-doc", "p-cpe:/a:alma:linux:sqlite-libs", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1581.NASL", "href": "https://www.tenable.com/plugins/nessus/157651", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1581.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157651);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2020-13434\", \"CVE-2020-15358\");\n script_xref(name:\"ALSA\", value:\"2021:1581\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"AlmaLinux 8 : sqlite (ALSA-2021:1581)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:1581 advisory.\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy\n heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1581.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15358\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sqlite-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'sqlite-3.26.0-13.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'sqlite / sqlite-devel / sqlite-doc / sqlite-libs');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:52:14", "description": "According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435)\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.(CVE-2020-13434)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : sqlite (EulerOS-SA-2020-2453)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sqlite", "p-cpe:/a:huawei:euleros:sqlite-devel", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2020-2453.NASL", "href": "https://www.tenable.com/plugins/nessus/142554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142554);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-13434\",\n \"CVE-2020-13435\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : sqlite (EulerOS-SA-2020-2453)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sqlite packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - SQLite through 3.32.0 has a segmentation fault in\n sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435)\n\n - SQLite through 3.32.0 has an integer overflow in\n sqlite3_str_vappendf in printf.c.(CVE-2020-13434)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2453\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9fd20f71\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sqlite packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sqlite-3.7.17-8.h10.eulerosv2r7\",\n \"sqlite-devel-3.7.17-8.h10.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-30T14:53:55", "description": "According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435)\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.(CVE-2020-13434)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2020-1930)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sqlite", "p-cpe:/a:huawei:euleros:sqlite-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1930.NASL", "href": "https://www.tenable.com/plugins/nessus/140151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140151);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-13434\",\n \"CVE-2020-13435\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2020-1930)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sqlite packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - SQLite through 3.32.0 has a segmentation fault in\n sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435)\n\n - SQLite through 3.32.0 has an integer overflow in\n sqlite3_str_vappendf in printf.c.(CVE-2020-13434)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1930\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c205dec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sqlite packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sqlite-3.7.17-8.h10.eulerosv2r7\",\n \"sqlite-devel-3.7.17-8.h10.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:49:41", "description": "According to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw was found in SQLite when rewriting select statements for window functions.\n This flaw allows an attacker who can execute SQL statements, to crash the application, resulting in a denial of service.(CVE-2020-13435)\n\n - An integer overflow flaw was found in the SQLite implementation of the printf() function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service.(CVE-2020-13434)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1987)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13434", "CVE-2020-13435"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sqlite", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1987.NASL", "href": "https://www.tenable.com/plugins/nessus/140357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140357);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-13434\",\n \"CVE-2020-13435\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1987)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sqlite package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw was found in SQLite\n when rewriting select statements for window functions.\n This flaw allows an attacker who can execute SQL\n statements, to crash the application, resulting in a\n denial of service.(CVE-2020-13435)\n\n - An integer overflow flaw was found in the SQLite\n implementation of the printf() function. This flaw\n allows an attacker who can control the precision of\n floating-point conversions, to crash the application,\n resulting in a denial of service.(CVE-2020-13434)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1987\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ac0781bb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sqlite packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"sqlite-3.7.17-8.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:43:54", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1968 advisory.\n\n - sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)\n\n - sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)\n\n - sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)\n\n - sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)\n\n - sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "CentOS 8 : mingw packages (CESA-2021:1968)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16168", "CVE-2020-13434", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:mingw-binutils-generic", "p-cpe:/a:centos:centos:mingw-filesystem-base", "p-cpe:/a:centos:centos:mingw32-binutils", "p-cpe:/a:centos:centos:mingw32-bzip2", "p-cpe:/a:centos:centos:mingw32-bzip2-static", "p-cpe:/a:centos:centos:mingw32-filesystem", "p-cpe:/a:centos:centos:mingw32-sqlite", "p-cpe:/a:centos:centos:mingw32-sqlite-static", "p-cpe:/a:centos:centos:mingw64-binutils", "p-cpe:/a:centos:centos:mingw64-bzip2", "p-cpe:/a:centos:centos:mingw64-bzip2-static", "p-cpe:/a:centos:centos:mingw64-filesystem", "p-cpe:/a:centos:centos:mingw64-sqlite", "p-cpe:/a:centos:centos:mingw64-sqlite-static"], "id": "CENTOS8_RHSA-2021-1968.NASL", "href": "https://www.tenable.com/plugins/nessus/149744", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1968. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149744);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\n \"CVE-2019-16168\",\n \"CVE-2020-13434\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1968\");\n\n script_name(english:\"CentOS 8 : mingw packages (CESA-2021:1968)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1968 advisory.\n\n - sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)\n\n - sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)\n\n - sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)\n\n - sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)\n\n - sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query\n (CVE-2020-13632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1968\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw-binutils-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw-filesystem-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw32-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw32-bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw32-bzip2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw32-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw32-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw32-sqlite-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw64-bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw64-bzip2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw64-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw64-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mingw64-sqlite-static\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'mingw-binutils-generic-2.30-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw-binutils-generic-2.30-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw-filesystem-base-104-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw-filesystem-base-104-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-binutils-2.30-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-binutils-2.30-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-bzip2-1.0.6-14.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-bzip2-1.0.6-14.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-bzip2-static-1.0.6-14.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-bzip2-static-1.0.6-14.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-filesystem-104-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-filesystem-104-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-sqlite-3.26.0.0-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-sqlite-3.26.0.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-sqlite-static-3.26.0.0-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-sqlite-static-3.26.0.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-binutils-2.30-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-binutils-2.30-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-bzip2-1.0.6-14.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-bzip2-1.0.6-14.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-bzip2-static-1.0.6-14.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-bzip2-static-1.0.6-14.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-filesystem-104-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-filesystem-104-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-sqlite-3.26.0.0-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-sqlite-3.26.0.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-sqlite-static-3.26.0.0-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-sqlite-static-3.26.0.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mingw-binutils-generic / mingw-filesystem-base / mingw32-binutils / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T18:37:29", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1968 advisory.\n\n - In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a severe division by zero in the query planner. (CVE-2019-16168)\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. (CVE-2020-13630)\n\n - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. (CVE-2020-13631)\n\n - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. (CVE-2020-13632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : mingw packages (ALSA-2021:1968)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16168", "CVE-2020-13434", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:mingw-binutils-generic", "p-cpe:/a:alma:linux:mingw-filesystem-base", "p-cpe:/a:alma:linux:mingw32-binutils", "p-cpe:/a:alma:linux:mingw32-bzip2", "p-cpe:/a:alma:linux:mingw32-bzip2-static", "p-cpe:/a:alma:linux:mingw32-filesystem", "p-cpe:/a:alma:linux:mingw32-sqlite", "p-cpe:/a:alma:linux:mingw32-sqlite-static", "p-cpe:/a:alma:linux:mingw64-binutils", "p-cpe:/a:alma:linux:mingw64-bzip2", "p-cpe:/a:alma:linux:mingw64-bzip2-static", "p-cpe:/a:alma:linux:mingw64-filesystem", "p-cpe:/a:alma:linux:mingw64-sqlite", "p-cpe:/a:alma:linux:mingw64-sqlite-static", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1968.NASL", "href": "https://www.tenable.com/plugins/nessus/157470", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1968.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157470);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2019-16168\",\n \"CVE-2020-13434\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\"\n );\n script_xref(name:\"ALSA\", value:\"2021:1968\");\n script_xref(name:\"IAVA\", value:\"2020-A-0021-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"AlmaLinux 8 : mingw packages (ALSA-2021:1968)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:1968 advisory.\n\n - In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application\n because of missing validation of a sqlite_stat1 sz field, aka a severe division by zero in the query\n planner. (CVE-2019-16168)\n\n - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)\n\n - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet\n feature. (CVE-2020-13630)\n\n - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related\n to alter.c and build.c. (CVE-2020-13631)\n\n - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo()\n query. (CVE-2020-13632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1968.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw-binutils-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw-filesystem-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw32-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw32-bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw32-bzip2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw32-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw32-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw32-sqlite-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw64-bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw64-bzip2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw64-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw64-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mingw64-sqlite-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'mingw-binutils-generic-2.30-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw-filesystem-base-104-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-binutils-2.30-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-bzip2-1.0.6-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-bzip2-static-1.0.6-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-filesystem-104-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-sqlite-3.26.0.0-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-sqlite-static-3.26.0.0-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-binutils-2.30-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-bzip2-1.0.6-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-bzip2-static-1.0.6-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-filesystem-104-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-sqlite-3.26.0.0-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-sqlite-static-3.26.0.0-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mingw-binutils-generic / mingw-filesystem-base / mingw32-binutils / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:43:36", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1968 advisory.\n\n - sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)\n\n - sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)\n\n - sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)\n\n - sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)\n\n - sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : mingw packages (RHSA-2021:1968)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16168", "CVE-2020-13434", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:mingw-binutils-generic", "p-cpe:/a:redhat:enterprise_linux:mingw-filesystem-base", "p-cpe:/a:redhat:enterprise_linux:mingw32-binutils", "p-cpe:/a:redhat:enterprise_linux:mingw32-bzip2", "p-cpe:/a:redhat:enterprise_linux:mingw32-bzip2-static", "p-cpe:/a:redhat:enterprise_linux:mingw32-filesystem", "p-cpe:/a:redhat:enterprise_linux:mingw32-sqlite", "p-cpe:/a:redhat:enterprise_linux:mingw32-sqlite-static", "p-cpe:/a:redhat:enterprise_linux:mingw64-binutils", "p-cpe:/a:redhat:enterprise_linux:mingw64-bzip2", "p-cpe:/a:redhat:enterprise_linux:mingw64-bzip2-static", "p-cpe:/a:redhat:enterprise_linux:mingw64-filesystem", "p-cpe:/a:redhat:enterprise_linux:mingw64-sqlite", "p-cpe:/a:redhat:enterprise_linux:mingw64-sqlite-static"], "id": "REDHAT-RHSA-2021-1968.NASL", "href": "https://www.tenable.com/plugins/nessus/149666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1968. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149666);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-16168\",\n \"CVE-2020-13434\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1968\");\n script_xref(name:\"IAVA\", value:\"2020-A-0021-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358-S\");\n\n script_name(english:\"RHEL 8 : mingw packages (RHSA-2021:1968)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1968 advisory.\n\n - sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)\n\n - sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)\n\n - sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)\n\n - sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)\n\n - sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query\n (CVE-2020-13632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1768986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841574\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13630\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 121, 190, 369, 416, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw-binutils-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw-filesystem-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw32-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw32-bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw32-bzip2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw32-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw32-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw32-sqlite-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw64-bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw64-bzip2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw64-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw64-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mingw64-sqlite-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_c