DATABASE RESOURCES PRICING ABOUT US

{"id": "APPLE:HT211293", "bulletinFamily": "software", "title": "About the security content of iTunes 12.10.8 for Windows - Apple Support", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.10.8 for Windows\n\nReleased July 30, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 7 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n", "published": "2020-12-15T05:45:32", "modified": "2020-12-15T05:45:32", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://support.apple.com/kb/HT211293 ", "reporter": "Apple", "references": [], "cvelist": ["CVE-2020-9871", "CVE-2020-9874", "CVE-2020-11761", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9984", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9916", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-9879", "CVE-2020-9893", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "type": "apple", "lastseen": "2020-12-24T20:41:46", "edition": 7, "viewCount": 98, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4451"]}, {"type": "amazon", "idList": ["ALAS2-2020-1499"]}, {"type": "apple", "idList": ["APPLE:0E1C386A7EBAE50F1A16EBD5FB86ED98", "APPLE:2B6F011ECD9EFE0F4D0983E7E6A91A15", "APPLE:362DE2664179C21B7B8FFF788120813E", "APPLE:3D7765FAAA5588336144E1B60D0B775E", "APPLE:47A6F4E1660238E39625B31A34F6CDF1", "APPLE:4CDA87B47F793E07ABCA7B9C9345521B", "APPLE:524576436C5FDCCC5080CD76C6051F20", "APPLE:717EB24E41379638A244FDCE287538E6", "APPLE:76759F30E38205B816379E57C5E5C4C3", "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "APPLE:914AF8F52D4AB5DC92631271089CEE87", "APPLE:9AAA600C4496E1F352EC9F07A8BDC39B", "APPLE:AA62A80C9E6F6992009BCCB45F9D570E", "APPLE:BF1622028DAB7FB7B0D91852357DB961", "APPLE:HT211288", "APPLE:HT211289", "APPLE:HT211290", "APPLE:HT211291", "APPLE:HT211292", "APPLE:HT211294", "APPLE:HT211295", "APPLE:HT211843", "APPLE:HT211844", "APPLE:HT211850", "APPLE:HT211931", "APPLE:HT211935", "APPLE:HT211952"]}, {"type": "centos", "idList": ["CESA-2020:4039"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:4AEB9642322F59DD0FC7546535E6E115"]}, {"type": "cve", "idList": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2358-1:F7DB9", "DEBIAN:DSA-4739-1:5AEC6", "DEBIAN:DSA-4739-1:90328", "DEBIAN:DSA-4755-1:22E9E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-11758", "DEBIANCVE:CVE-2020-11759", "DEBIANCVE:CVE-2020-11760", "DEBIANCVE:CVE-2020-11761", "DEBIANCVE:CVE-2020-11762", "DEBIANCVE:CVE-2020-11763", "DEBIANCVE:CVE-2020-11764", "DEBIANCVE:CVE-2020-11765", "DEBIANCVE:CVE-2020-9862", "DEBIANCVE:CVE-2020-9893", "DEBIANCVE:CVE-2020-9894", "DEBIANCVE:CVE-2020-9895", "DEBIANCVE:CVE-2020-9915", "DEBIANCVE:CVE-2020-9925"]}, {"type": "fedora", "idList": ["FEDORA:03034610C904", "FEDORA:9F70F610C901", "FEDORA:A56F0309448D", "FEDORA:CBE8E30B452C"]}, {"type": "gentoo", "idList": ["GLSA-202007-61", "GLSA-202107-27"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37BA7BA880E3167EF2FF653967274013", "GOOGLEPROJECTZERO:82BC34EA810EB3C377CA67B9E6698CC2", "GOOGLEPROJECTZERO:8D97E6A853D0492A3F60FD23D695FB73", "GOOGLEPROJECTZERO:91800FF4B3B97E581EBEE3342DED86A5"]}, {"type": "kaspersky", "idList": ["KLA11926", "KLA12007"]}, {"type": "mageia", "idList": ["MGASA-2020-0189"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1499.NASL", "ALMA_LINUX_ALSA-2020-4451.NASL", "APPLE_IOS_136_CHECK.NBIN", "CENTOS8_RHSA-2020-4451.NASL", "CENTOS_RHSA-2020-4039.NASL", "DEBIAN_DLA-2358.NASL", "DEBIAN_DSA-4739.NASL", "DEBIAN_DSA-4755.NASL", "EULEROS_SA-2020-2261.NASL", "EULEROS_SA-2021-1335.NASL", "EULEROS_SA-2021-1822.NASL", "FEDORA_2020-24B936A870.NASL", "FEDORA_2020-A496A39B00.NASL", "GENTOO_GLSA-202007-61.NASL", "GENTOO_GLSA-202107-27.NASL", "MACOS_HT211289.NASL", "MACOS_HT211931.NASL", "NEWSTART_CGSL_NS-SA-2021-0031_OPENEXR.NASL", "NEWSTART_CGSL_NS-SA-2021-0059_WEBKIT2GTK3.NASL", "NEWSTART_CGSL_NS-SA-2021-0149_OPENEXR.NASL", "OPENSUSE-2020-1256.NASL", "OPENSUSE-2020-1275.NASL", "OPENSUSE-2020-682.NASL", "ORACLELINUX_ELSA-2020-4039.NASL", "ORACLELINUX_ELSA-2020-4451.NASL", "REDHAT-RHSA-2020-4039.NASL", "REDHAT-RHSA-2020-4451.NASL", "SL_20201001_OPENEXR_ON_SL7_X.NASL", "SUSE_SU-2020-1292-1.NASL", "SUSE_SU-2020-1293-1.NASL", "SUSE_SU-2020-2198-1.NASL", "SUSE_SU-2020-2199-1.NASL", "SUSE_SU-2020-2232-1.NASL", "UBUNTU_USN-4339-1.NASL", "UBUNTU_USN-4444-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844403", "OPENVAS:1361412562310853164", "OPENVAS:1361412562310877847", "OPENVAS:1361412562310877857"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4039", "ELSA-2020-4451"]}, {"type": "osv", "idList": ["OSV:DLA-2358-1", "OSV:DSA-4739-1", "OSV:DSA-4755-1"]}, {"type": "redhat", "idList": ["RHSA-2020:4039", "RHSA-2020:4451", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0190", "RHSA-2021:0436", "RHSA-2021:0799", "RHSA-2022:0056", "RHSA-2022:5924"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-11758", "RH:CVE-2020-11759", "RH:CVE-2020-11760", "RH:CVE-2020-11761", "RH:CVE-2020-11762", "RH:CVE-2020-11763", "RH:CVE-2020-11764", "RH:CVE-2020-11765", "RH:CVE-2020-9862", "RH:CVE-2020-9893", "RH:CVE-2020-9894", "RH:CVE-2020-9895", "RH:CVE-2020-9915", "RH:CVE-2020-9925"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0682-1", "OPENSUSE-SU-2020:1256-1", "OPENSUSE-SU-2020:1275-1"]}, {"type": "ubuntu", "idList": ["USN-4339-1", "USN-4444-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11758", "UB:CVE-2020-11759", "UB:CVE-2020-11760", "UB:CVE-2020-11761", "UB:CVE-2020-11762", "UB:CVE-2020-11763", "UB:CVE-2020-11764", "UB:CVE-2020-11765", "UB:CVE-2020-9862", "UB:CVE-2020-9893", "UB:CVE-2020-9894", "UB:CVE-2020-9895", "UB:CVE-2020-9915", "UB:CVE-2020-9925"]}, {"type": "veracode", "idList": ["VERACODE:26086", "VERACODE:26087", "VERACODE:26090", "VERACODE:26097", "VERACODE:26235", "VERACODE:26239", "VERACODE:27290", "VERACODE:27291", "VERACODE:27292", "VERACODE:28450", "VERACODE:28451", "VERACODE:28452", "VERACODE:28453", "VERACODE:28454"]}, {"type": "zdi", "idList": ["ZDI-20-1183", "ZDI-20-1185", "ZDI-20-1238", "ZDI-20-1389", "ZDI-20-907", "ZDI-20-909", "ZDI-20-910", "ZDI-20-938"]}, {"type": "zdt", "idList": ["1337DAY-ID-34832"]}]}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4451"]}, {"type": "amazon", "idList": ["ALAS2-2020-1499"]}, {"type": "apple", "idList": ["APPLE:19A63C47EA3BFF8CED013B9043649734", "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "APPLE:9AAA600C4496E1F352EC9F07A8BDC39B", "APPLE:HT211288", "APPLE:HT211290", "APPLE:HT211291", "APPLE:HT211292", "APPLE:HT211931", "APPLE:HT211952"]}, {"type": "centos", "idList": ["CESA-2020:4039"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:4AEB9642322F59DD0FC7546535E6E115"]}, {"type": "cve", "idList": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4739-1:5AEC6"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-11758", "DEBIANCVE:CVE-2020-11759", "DEBIANCVE:CVE-2020-11760", "DEBIANCVE:CVE-2020-11761", "DEBIANCVE:CVE-2020-11762", "DEBIANCVE:CVE-2020-11763", "DEBIANCVE:CVE-2020-11764", "DEBIANCVE:CVE-2020-11765"]}, {"type": "fedora", "idList": ["FEDORA:03034610C904", "FEDORA:9F70F610C901", "FEDORA:A56F0309448D", "FEDORA:CBE8E30B452C"]}, {"type": "gentoo", "idList": ["GLSA-202007-61"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37BA7BA880E3167EF2FF653967274013", "GOOGLEPROJECTZERO:82BC34EA810EB3C377CA67B9E6698CC2", "GOOGLEPROJECTZERO:8D97E6A853D0492A3F60FD23D695FB73", "GOOGLEPROJECTZERO:91800FF4B3B97E581EBEE3342DED86A5"]}, {"type": "kaspersky", "idList": ["KLA11926"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-ITUNES-CVE-2020-11758/", "MSF:ILITIES/CENTOS_LINUX-CVE-2020-11763/"]}, {"type": "nessus", "idList": ["OPENSUSE-2020-682.NASL", "ORACLELINUX_ELSA-2020-4039.NASL", "ORACLELINUX_ELSA-2020-4451.NASL", "SUSE_SU-2020-1292-1.NASL", "SUSE_SU-2020-1293-1.NASL", "UBUNTU_USN-4339-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844403", "OPENVAS:1361412562310853164", "OPENVAS:1361412562310877847", "OPENVAS:1361412562310877857"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4039", "ELSA-2020-4451"]}, {"type": "redhat", "idList": ["RHSA-2020:4039"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-11758", "RH:CVE-2020-11759", "RH:CVE-2020-11760", "RH:CVE-2020-11761", "RH:CVE-2020-11762", "RH:CVE-2020-11763", "RH:CVE-2020-11764", "RH:CVE-2020-11765", "RH:CVE-2020-9862", "RH:CVE-2020-9893", "RH:CVE-2020-9894", "RH:CVE-2020-9895", "RH:CVE-2020-9915", "RH:CVE-2020-9925"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0682-1"]}, {"type": "ubuntu", "idList": ["USN-4339-1", "USN-4444-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11758", "UB:CVE-2020-11759", "UB:CVE-2020-11760", "UB:CVE-2020-11761", "UB:CVE-2020-11762", "UB:CVE-2020-11763", "UB:CVE-2020-11764", "UB:CVE-2020-11765", "UB:CVE-2020-9862", "UB:CVE-2020-9893", "UB:CVE-2020-9894", "UB:CVE-2020-9895", "UB:CVE-2020-9915", "UB:CVE-2020-9925"]}, {"type": "zdi", "idList": ["ZDI-20-1238", "ZDI-20-907", "ZDI-20-909", "ZDI-20-910"]}, {"type": "zdt", "idList": ["1337DAY-ID-34832"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "itunes", "version": 12}]}, "epss": [{"cve": "CVE-2020-9871", "epss": "0.001050000", "percentile": "0.411230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9874", "epss": "0.001050000", "percentile": "0.411230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-11761", "epss": "0.000810000", "percentile": "0.329410000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9862", "epss": "0.001120000", "percentile": "0.428500000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9883", "epss": "0.000950000", "percentile": "0.385370000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9984", "epss": "0.000820000", "percentile": "0.332220000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9894", "epss": "0.003520000", "percentile": "0.674990000", "modified": "2023-03-19"}, {"cve": "CVE-2020-11763", "epss": "0.000810000", "percentile": "0.329410000", "modified": "2023-03-19"}, {"cve": "CVE-2020-11765", "epss": "0.000810000", "percentile": "0.329410000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9876", "epss": "0.001080000", "percentile": "0.420880000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9875", "epss": "0.001130000", "percentile": "0.431270000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9910", "epss": "0.003560000", "percentile": "0.676670000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9925", "epss": "0.002770000", "percentile": "0.632050000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9895", "epss": "0.016420000", "percentile": "0.855930000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9938", "epss": "0.000820000", "percentile": "0.332220000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9916", "epss": "0.001880000", "percentile": "0.545030000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9877", "epss": "0.000820000", "percentile": "0.332220000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9919", "epss": "0.001100000", "percentile": "0.424000000", "modified": "2023-03-20"}, {"cve": "CVE-2020-11758", "epss": "0.000810000", "percentile": "0.329410000", "modified": "2023-03-19"}, {"cve": "CVE-2020-11760", "epss": "0.000810000", "percentile": "0.329410000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9879", "epss": "0.001050000", "percentile": "0.411230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9893", "epss": "0.008380000", "percentile": "0.794880000", "modified": "2023-03-19"}, {"cve": "CVE-2020-11759", "epss": "0.000860000", "percentile": "0.347170000", "modified": "2023-03-19"}, {"cve": "CVE-2020-11764", "epss": "0.000860000", "percentile": "0.347170000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9915", "epss": "0.002690000", "percentile": "0.627090000", "modified": "2023-03-19"}, {"cve": "CVE-2020-11762", "epss": "0.000810000", "percentile": "0.329410000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9936", "epss": "0.001330000", "percentile": "0.466320000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9872", "epss": "0.001050000", "percentile": "0.411230000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9873", "epss": "0.000820000", "percentile": "0.332220000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9937", "epss": "0.001050000", "percentile": "0.411230000", "modified": "2023-03-20"}], "vulnersScore": 0.6}, "affectedSoftware": [{"name": "itunes", "operator": "lt", "version": "12.10.8"}], "scheme": null, "immutableFields": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "_state": {"dependencies": 1659994789, "score": 1698853730, "affected_software_major_version": 1666695388, "epss": 1679323282}, "_internal": {"score_hash": "debb319caec2d570b8e3bf279f198652"}}

{"apple": [{"lastseen": "2020-12-24T20:43:46", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 11.3\n\nReleased August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T06:02:19", "title": "About the security content of iCloud for Windows 11.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9874", "CVE-2020-11761", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9984", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9916", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-9879", "CVE-2020-9893", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T06:02:19", "id": "APPLE:HT211294", "href": "https://support.apple.com/kb/HT211294 ", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:44:33", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 7.20\n\nReleased August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 7 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:23:14", "title": "About the security content of iCloud for Windows 7.20 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9874", "CVE-2020-11761", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9984", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9916", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-9879", "CVE-2020-9893", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T05:23:14", "id": "APPLE:HT211295", "href": "https://support.apple.com/kb/HT211295", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T22:10:28", "description": "# About the security content of iCloud for Windows 11.3\n\nThis document describes the security content of iCloud for Windows 11.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iCloud for Windows 11.3\n\nReleased August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-10T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 11.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"], "modified": "2020-08-10T00:00:00", "id": "APPLE:524576436C5FDCCC5080CD76C6051F20", "href": "https://support.apple.com/kb/HT211294", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T22:10:30", "description": "# About the security content of iCloud for Windows 7.20\n\nThis document describes the security content of iCloud for Windows 7.20.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iCloud for Windows 7.20\n\nReleased August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 7 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-10T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.20", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"], "modified": "2020-08-10T00:00:00", "id": "APPLE:AA62A80C9E6F6992009BCCB45F9D570E", "href": "https://support.apple.com/kb/HT211295", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T22:10:27", "description": "# About the security content of iTunes 12.10.8 for Windows\n\nThis document describes the security content of iTunes 12.10.8 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iTunes 12.10.8 for Windows\n\nReleased July 30, 2020\n\n**CoreGraphics**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added September 21, 2020, updated December 15, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Windows 7 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-30T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.10.8 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"], "modified": "2020-07-30T00:00:00", "id": "APPLE:717EB24E41379638A244FDCE287538E6", "href": "https://support.apple.com/kb/HT211293", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:02", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 13.4.8\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9907: 08Tc3wBB working with ZecOps\n\nEntry added July 28, 2020, updated August 31, 2020\n\n**CoreGraphics**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 28, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**iAP**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2020-9914: Andy Davis of NCC Group\n\nEntry updated July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 28, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 28, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 31, 2020\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 28, 2020\n\n**sysdiagnose**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020, updated August 31, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: Natalie Silvanovich of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n", "edition": 12, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:58:45", "title": "About the security content of tvOS 13.4.8 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9884", "CVE-2020-9889", "CVE-2020-9905", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-9907", "CVE-2020-11761", "CVE-2020-9933", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-9914", "CVE-2020-11765", "CVE-2020-9901", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9940", "CVE-2020-9888", "CVE-2020-9916", "CVE-2019-14899", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-6514", "CVE-2020-11760", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9893", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9892", "CVE-2020-9909", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T05:58:45", "id": "APPLE:HT211290", "href": "https://support.apple.com/kb/HT211290", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:10:32", "description": "# About the security content of tvOS 13.4.8\n\nThis document describes the security content of tvOS 13.4.8.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## tvOS 13.4.8\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9907: 08Tc3wBB working with ZecOps\n\nEntry added July 28, 2020, updated August 31, 2020\n\n**CoreGraphics**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 28, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020, updated December 17, 2021 \n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**iAP**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2020-9914: Andy Davis of NCC Group\n\nEntry updated July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 28, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 28, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 31, 2020\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Model I/O**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 28, 2020\n\n**sysdiagnose**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020, updated August 31, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: natashenka of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of tvOS 13.4.8", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14899", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-6514", "CVE-2020-9862", "CVE-2020-9863", "CVE-2020-9865", "CVE-2020-9868", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9900", "CVE-2020-9901", "CVE-2020-9902", "CVE-2020-9904", "CVE-2020-9905", "CVE-2020-9907", "CVE-2020-9909", "CVE-2020-9910", "CVE-2020-9914", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9933", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9940", "CVE-2020-9980", "CVE-2020-9984"], "modified": "2020-07-15T00:00:00", "id": "APPLE:2B6F011ECD9EFE0F4D0983E7E6A91A15", "href": "https://support.apple.com/kb/HT211290", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:10:33", "description": "# About the security content of watchOS 6.2.8\n\nThis document describes the security content of watchOS 6.2.8.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## watchOS 6.2.8\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 28, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020, updated December 17, 2021 \n\n**FontParser**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 28, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9923: Proteas\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 28, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**libxml2**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 28, 2020\n\n**Messages**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Model I/O**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: natashenka of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 28, 2020\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of watchOS 6.2.8", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-6514", "CVE-2020-9862", "CVE-2020-9863", "CVE-2020-9865", "CVE-2020-9868", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9881", "CVE-2020-9882", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9885", "CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9900", "CVE-2020-9902", "CVE-2020-9904", "CVE-2020-9906", "CVE-2020-9909", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9920", "CVE-2020-9923", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9933", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9980", "CVE-2020-9984", "CVE-2020-9985", "CVE-2020-9997"], "modified": "2020-07-15T00:00:00", "id": "APPLE:362DE2664179C21B7B8FFF788120813E", "href": "https://support.apple.com/kb/HT211291", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:44", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 6.2.8\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 28, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 10, 2020\n\n**FontParser**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 28, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 28, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 10, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9923: Proteas\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 28, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 28, 2020\n\n**Messages**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Model I/O**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: Natalie Silvanovich of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 28, 2020\n\n\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:53:50", "title": "About the security content of watchOS 6.2.8 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2020-9884", "CVE-2020-9889", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-11761", "CVE-2020-9933", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9885", "CVE-2020-9906", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9938", "CVE-2020-9888", "CVE-2020-9916", "CVE-2020-9923", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-6514", "CVE-2020-11760", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9893", "CVE-2020-9920", "CVE-2020-9985", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-9882", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9881", "CVE-2020-9892", "CVE-2020-9997", "CVE-2020-9909", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T05:53:50", "id": "APPLE:HT211291", "href": "https://support.apple.com/kb/HT211291", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:34", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 13.1.2\n\nReleased July 15, 2020\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab\n\nEntry added November 12, 2020\n\n**Safari Downloads**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9912: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Login AutoFill**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may cause Safari to suggest a password for the wrong domain\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Reader**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: Natalie Silvanovich of Google Project Zero\n\nEntry added September 21, 2020\n", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T10:19:34", "title": "About the security content of Safari 13.1.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9894", "CVE-2020-9903", "CVE-2020-9910", "CVE-2020-9942", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9911", "CVE-2020-9916", "CVE-2020-9912", "CVE-2020-6514", "CVE-2020-9893", "CVE-2020-9915"], "modified": "2020-11-12T10:19:34", "id": "APPLE:HT211292", "href": "https://support.apple.com/kb/HT211292", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T22:10:30", "description": "# About the security content of Safari 13.1.2\n\nThis document describes the security content of Safari 13.1.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## Safari 13.1.2\n\nReleased July 15, 2020\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab\n\nEntry added November 12, 2020\n\n**Safari Downloads**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9912: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Login AutoFill**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may cause Safari to suggest a password for the wrong domain\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Reader**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 28, 2020\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: natashenka of Google Project Zero\n\nEntry added September 21, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of Safari 13.1.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6514", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9903", "CVE-2020-9910", "CVE-2020-9911", "CVE-2020-9912", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9925", "CVE-2020-9942"], "modified": "2020-07-15T00:00:00", "id": "APPLE:0E1C386A7EBAE50F1A16EBD5FB86ED98", "href": "https://support.apple.com/kb/HT211292", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:44:53", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 13.6 and iPadOS 13.6\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9907: 08Tc3wBB working with ZecOps\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab\n\n**CoreFoundation**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**iAP**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2020-9914: Andy Davis of NCC Group\n\nEntry updated July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9923: Proteas\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 5, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2019-19906\n\nEntry added July 24, 2020, updated September 8, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 24, 2020\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry updated September 21, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Safari Login AutoFill**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker may cause Safari to suggest a password for the wrong domain\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 24, 2020\n\n**sysdiagnose**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated August 31, 2020\n\n**WebDAV**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)\n\nEntry added September 8, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 24, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: Natalie Silvanovich of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 24, 2020\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9917: Pradeep Deokate of Harman, Stefan B\u00f6hrer at Daimler AG, proofnet.de\n\nEntry updated July 24, 2020\n\n\n\n## Additional recognition\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**USB Audio**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n", "edition": 12, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T05:18:44", "title": "About the security content of iOS 13.6 and iPadOS 13.6 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2019-19906", "CVE-2020-9884", "CVE-2020-9889", "CVE-2020-9905", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-9907", "CVE-2020-11761", "CVE-2020-9933", "CVE-2020-9862", "CVE-2020-9883", "CVE-2020-9885", "CVE-2020-9906", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-9894", "CVE-2020-11763", "CVE-2020-9914", "CVE-2020-11765", "CVE-2020-9901", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9903", "CVE-2020-9875", "CVE-2020-9910", "CVE-2020-9925", "CVE-2020-9898", "CVE-2020-9895", "CVE-2020-9911", "CVE-2020-9938", "CVE-2020-9940", "CVE-2020-9888", "CVE-2020-9934", "CVE-2020-9916", "CVE-2020-9923", "CVE-2019-14899", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9917", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-6514", "CVE-2020-11760", "CVE-2020-9931", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9893", "CVE-2020-9920", "CVE-2020-9985", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-9882", "CVE-2020-11764", "CVE-2020-9915", "CVE-2020-11762", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9881", "CVE-2020-9892", "CVE-2020-9909", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T05:18:44", "id": "APPLE:HT211288", "href": "https://support.apple.com/kb/HT211288", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:10:28", "description": "# About the security content of iOS 13.6 and iPadOS 13.6\n\nThis document describes the security content of iOS 13.6 and iPadOS 13.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 13.6 and iPadOS 13.6\n\nReleased July 15, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9907: 08Tc3wBB working with ZecOps\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab\n\n**CoreFoundation**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated December 15, 2020\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated December 17, 2021 \n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**GeoServices**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to read sensitive location information\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\n**iAP**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2020-9914: Andy Davis of NCC Group\n\nEntry updated July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9923: Proteas\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9909: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 5, 2020\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2019-19906\n\nEntry added July 24, 2020, updated September 8, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 24, 2020\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry updated September 21, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added September 21, 2020\n\n**Safari Login AutoFill**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker may cause Safari to suggest a password for the wrong domain\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 24, 2020\n\n**sysdiagnose**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated August 31, 2020\n\n**WebDAV**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)\n\nEntry added September 8, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.\n\nCVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon\n\nEntry updated July 24, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\n\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9925: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker may be able to conceal the destination of a URL\n\nDescription: A URL Unicode encoding issue was addressed with improved state management.\n\nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Copying a URL from Web Inspector may lead to command injection\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.\n\nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged network position may be able to cause heap corruption via a crafted SCTP stream\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-6514: natashenka of Google Project Zero\n\nEntry added September 21, 2020\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 24, 2020\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9917: Pradeep Deokate of Harman, Stefan B\u00f6hrer at Daimler AG, proofnet.de\n\nEntry updated July 24, 2020\n\n## Additional recognition\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**USB Audio**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of iOS 13.6 and iPadOS 13.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14899", "CVE-2019-19906", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-6514", "CVE-2020-9862", "CVE-2020-9863", "CVE-2020-9865", "CVE-2020-9868", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9881", "CVE-2020-9882", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9885", "CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9898", "CVE-2020-9900", "CVE-2020-9901", "CVE-2020-9902", "CVE-2020-9903", "CVE-2020-9904", "CVE-2020-9905", "CVE-2020-9906", "CVE-2020-9907", "CVE-2020-9909", "CVE-2020-9910", "CVE-2020-9911", "CVE-2020-9914", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9917", "CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9920", "CVE-2020-9923", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9931", "CVE-2020-9933", "CVE-2020-9934", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9940", "CVE-2020-9980", "CVE-2020-9984", "CVE-2020-9985"], "modified": "2020-07-15T00:00:00", "id": "APPLE:76759F30E38205B816379E57C5E5C4C3", "href": "https://support.apple.com/kb/HT211288", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:23", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra\n\nReleased July 15, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9927: Lilang Wu working with TrendMicro\u2019s Zero Day Initiative\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-9928: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9929: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Clang**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Clang may generate machine code that does not correctly enforce pointer authentication codes\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9870: Samuel Gro\u00df of Google Project Zero\n\n**CoreAudio**\n\nAvailable for: macOS High Sierra 10.13.6\n\nImpact: A buffer overflow may result in arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9866: Yu Zhou of \u5c0f\u9e21\u5e2e and Jundong Xie of Ant-financial Light-Year Security Lab\n\n**Core Bluetooth**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9869: Patrick Wardle of Jamf\n\nEntry added August 5, 2020\n\n**CoreCapture**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreFoundation**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated November 12, 2020\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020\n\n**FontParser**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**Graphics Drivers**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9799: ABC Research s.r.o.\n\nEntry updated July 24, 2020\n\n**Heimdal**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: This issue was addressed with improved data protection.\n\nCVE-2020-9913: Cody Thomas of SpecterOps\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9887: Mickey Jin of Trend Micro\n\nEntry added September 8, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9908: Junzhi Lu(@pwn0rz) working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2020-9990: ABC Research s.r.l. working with Trend Micro Zero Day Initiative, ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added September 21, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9921: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9924: Matt DeVore of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Login Window**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user may be unexpectedly logged in to another user\u2019s account\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9935: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2019-19906\n\nEntry added July 24, 2020, updated September 8, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 24, 2020\n\n**Mail**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted email may lead to writing arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9922: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-12243\n\nEntry added September 21, 2020\n\n**rsync**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 24, 2020\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9930: Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group\n\nEntry added December 15, 2020\n\n**Sandbox**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to load unsigned kernel extensions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9939: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9864: Alexander Holodny\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 24, 2020\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 24, 2020\n\n**sysdiagnose**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated August 31, 2020\n\n**Vim**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-20807: Guilherme de Almeida Suckevicz\n\n**WebDAV**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)\n\nEntry added September 8, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9899: Yu Wang of Didi Research America\n\nEntry added July 24, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 24, 2020\n\n\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Siri**\n\nWe would like to acknowledge Yuval Ron, Amichai Shulman, and Eli Biham of the Technion - Israel Institute of Technology for their assistance.\n\nEntry added August 5, 2020\n\n**USB Audio**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n", "edition": 14, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T06:08:19", "title": "About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871", "CVE-2014-9512", "CVE-2019-19906", "CVE-2020-9884", "CVE-2020-9870", "CVE-2020-9889", "CVE-2020-9905", "CVE-2020-9927", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-9990", "CVE-2020-11761", "CVE-2020-9883", "CVE-2020-9854", "CVE-2020-9885", "CVE-2020-9928", "CVE-2020-9906", "CVE-2020-9939", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-11763", "CVE-2020-9929", "CVE-2020-11765", "CVE-2020-9901", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9887", "CVE-2020-9898", "CVE-2020-9866", "CVE-2020-9908", "CVE-2020-9864", "CVE-2020-9938", "CVE-2020-9949", "CVE-2020-9940", "CVE-2020-9888", "CVE-2020-9934", "CVE-2020-9930", "CVE-2019-14899", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-9922", "CVE-2020-11760", "CVE-2020-9924", "CVE-2019-20807", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9921", "CVE-2020-9920", "CVE-2020-9985", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-9882", "CVE-2020-11764", "CVE-2020-9935", "CVE-2020-9913", "CVE-2020-11762", "CVE-2020-9899", "CVE-2020-9799", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9881", "CVE-2020-9869", "CVE-2020-9892", "CVE-2020-12243", "CVE-2020-9997", "CVE-2020-9994", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-12-15T06:08:19", "id": "APPLE:HT211289", "href": "https://support.apple.com/kb/HT211289", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T22:10:33", "description": "# About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra\n\nThis document describes the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra\n\nReleased July 15, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9927: Lilang Wu working with TrendMicro\u2019s Zero Day Initiative\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-9928: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9929: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Clang**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Clang may generate machine code that does not correctly enforce pointer authentication codes\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9870: Samuel Gro\u00df of Google Project Zero\n\n**CoreAudio**\n\nAvailable for: macOS High Sierra 10.13.6\n\nImpact: A buffer overflow may result in arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9866: Yu Zhou of \u5c0f\u9e21\u5e2e and Jundong Xie of Ant-Financial Light-Year Security Lab\n\n**Core Bluetooth**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9869: Patrick Wardle of Jamf\n\nEntry added August 5, 2020\n\n**CoreCapture**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreFoundation**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated November 12, 2020\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Cees Elzinga, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated December 17, 2021 \n\n**FontParser**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**Graphics Drivers**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9799: ABC Research s.r.o.\n\nEntry updated July 24, 2020\n\n**Heimdal**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: This issue was addressed with improved data protection.\n\nCVE-2020-9913: Cody Thomas of SpecterOps\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27933: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added March 16, 2021\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9887: Mickey Jin of Trend Micro\n\nEntry added September 8, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9908: Junzhi Lu(@pwn0rz) working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2020-9990: ABC Research s.r.l. working with Trend Micro Zero Day Initiative, ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added September 21, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9921: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9924: Matt DeVore of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**libxml2**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9926: Found by OSS-Fuzz\n\nEntry added March 16, 2021\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Login Window**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user may be unexpectedly logged in to another user\u2019s account\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9935: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2019-19906\n\nEntry added July 24, 2020, updated September 8, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 24, 2020\n\n**Mail**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted email may lead to writing arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9922: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-12243\n\nEntry added September 21, 2020\n\n**Perl**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An integer overflow in the Perl regular expression compiler may allow a remote attacker to insert instructions into the compiled form of a regular expression\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-10878: Hugo van der Sanden and Slaven Rezic\n\nEntry added March 16, 2021\n\n**Perl**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-12723: Sergey Aleynikov\n\nEntry added March 16, 2021\n\n**rsync**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 24, 2020\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9930: Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group\n\nEntry added December 15, 2020\n\n**Sandbox**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to load unsigned kernel extensions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9939: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9864: Alexander Holodny\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 24, 2020\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 24, 2020\n\n**sysdiagnose**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated August 31, 2020\n\n**Vim**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-20807: Guilherme de Almeida Suckevicz\n\n**WebDAV**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)\n\nEntry added September 8, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9899: Yu Wang of Didi Research America\n\nEntry added July 24, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 24, 2020\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Siri**\n\nWe would like to acknowledge Yuval Ron, Amichai Shulman, and Eli Biham of the Technion - Israel Institute of Technology for their assistance.\n\nEntry added August 5, 2020\n\n**USB Audio**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "apple", "title": "About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512", "CVE-2019-14899", "CVE-2019-19906", "CVE-2019-20807", "CVE-2020-10878", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-27933", "CVE-2020-9799", "CVE-2020-9854", "CVE-2020-9863", "CVE-2020-9864", "CVE-2020-9865", "CVE-2020-9866", "CVE-2020-9868", "CVE-2020-9869", "CVE-2020-9870", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9881", "CVE-2020-9882", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9885", "CVE-2020-9887", "CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9898", "CVE-2020-9899", "CVE-2020-9900", "CVE-2020-9901", "CVE-2020-9902", "CVE-2020-9904", "CVE-2020-9905", "CVE-2020-9906", "CVE-2020-9908", "CVE-2020-9913", "CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9920", "CVE-2020-9921", "CVE-2020-9922", "CVE-2020-9924", "CVE-2020-9926", "CVE-2020-9927", "CVE-2020-9928", "CVE-2020-9929", "CVE-2020-9930", "CVE-2020-9934", "CVE-2020-9935", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9939", "CVE-2020-9940", "CVE-2020-9949", "CVE-2020-9980", "CVE-2020-9984", "CVE-2020-9985", "CVE-2020-9990", "CVE-2020-9994", "CVE-2020-9997"], "modified": "2020-07-15T00:00:00", "id": "APPLE:3D7765FAAA5588336144E1B60D0B775E", "href": "https://support.apple.com/kb/HT211289", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-12-03T19:19:33", "description": "### *Detect date*:\n08/10/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service, perform cross-site scripting attack, spoof user interface.\n\n### *Affected products*:\nApple iCloud earlier than 7.20\n\n### *Solution*:\nUpdate to the latest version \n[Download iCloud](<https://support.apple.com/kb/HT204283>)\n\n### *Original advisories*:\n[About the security content of iCloud for Windows 7.20](<https://support.apple.com/kb/HT211295>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iCloud](<https://threats.kaspersky.com/en/product/Apple-iCloud/>)\n\n### *CVE-IDS*:\n[CVE-2020-9910](<https://vulners.com/cve/CVE-2020-9910>)6.5High \n[CVE-2020-9894](<https://vulners.com/cve/CVE-2020-9894>)4.3Warning \n[CVE-2020-9938](<https://vulners.com/cve/CVE-2020-9938>)6.8High \n[CVE-2020-9877](<https://vulners.com/cve/CVE-2020-9877>)6.8High \n[CVE-2020-9879](<https://vulners.com/cve/CVE-2020-9879>)6.8High \n[CVE-2020-9871](<https://vulners.com/cve/CVE-2020-9871>)6.8High \n[CVE-2020-9919](<https://vulners.com/cve/CVE-2020-9919>)6.8High \n[CVE-2020-9876](<https://vulners.com/cve/CVE-2020-9876>)6.8High \n[CVE-2020-9875](<https://vulners.com/cve/CVE-2020-9875>)6.8High \n[CVE-2020-9895](<https://vulners.com/cve/CVE-2020-9895>)7.5Critical \n[CVE-2020-9874](<https://vulners.com/cve/CVE-2020-9874>)6.8High \n[CVE-2020-9936](<https://vulners.com/cve/CVE-2020-9936>)6.8High \n[CVE-2020-9862](<https://vulners.com/cve/CVE-2020-9862>)6.8High \n[CVE-2020-9872](<https://vulners.com/cve/CVE-2020-9872>)6.8High \n[CVE-2020-9873](<https://vulners.com/cve/CVE-2020-9873>)6.8High \n[CVE-2020-9925](<https://vulners.com/cve/CVE-2020-9925>)4.3Warning \n[CVE-2020-9937](<https://vulners.com/cve/CVE-2020-9937>)6.8High \n[CVE-2020-9916](<https://vulners.com/cve/CVE-2020-9916>)5.0Critical \n[CVE-2020-9915](<https://vulners.com/cve/CVE-2020-9915>)4.3Warning \n[CVE-2020-9893](<https://vulners.com/cve/CVE-2020-9893>)6.8High \n[CVE-2020-11760](<https://vulners.com/cve/CVE-2020-11760>)4.3Warning \n[CVE-2020-11758](<https://vulners.com/cve/CVE-2020-11758>)4.3Warning \n[CVE-2020-11764](<https://vulners.com/cve/CVE-2020-11764>)4.3Warning \n[CVE-2020-11765](<https://vulners.com/cve/CVE-2020-11765>)4.3Warning \n[CVE-2020-11761](<https://vulners.com/cve/CVE-2020-11761>)4.3Warning \n[CVE-2020-11762](<https://vulners.com/cve/CVE-2020-11762>)4.3Warning \n[CVE-2020-11759](<https://vulners.com/cve/CVE-2020-11759>)4.3Warning \n[CVE-2020-11763](<https://vulners.com/cve/CVE-2020-11763>)4.3Warning \n[CVE-2020-9984](<https://vulners.com/cve/CVE-2020-9984>)6.8High \n[CVE-2020-9883](<https://vulners.com/cve/CVE-2020-9883>)6.8High \n[CVE-2020-9926](<https://vulners.com/cve/CVE-2020-9926>)6.8High \n[CVE-2020-27933](<https://vulners.com/cve/CVE-2020-27933>)6.8High", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-10T00:00:00", "type": "kaspersky", "title": "KLA11926 Multiple vulnerabilities in Apple iCloud", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-27933", "CVE-2020-9862", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9879", "CVE-2020-9883", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9910", "CVE-2020-9915", "CVE-2020-9916", "CVE-2020-9919", "CVE-2020-9925", "CVE-2020-9926", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9984"], "modified": "2021-03-24T00:00:00", "id": "KLA11926", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11926/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-03T17:33:22", "description": "The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. (CVE-2020-11758) An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. (CVE-2020-11759) An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. (CVE-2020-11760) An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761) An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. (CVE-2020-11762) An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763) An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764) An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. (CVE-2020-11765) \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-05T15:20:37", "type": "mageia", "title": "Updated openexr packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-05T15:20:37", "id": "MGASA-2020-0189", "href": "https://advisories.mageia.org/MGASA-2020-0189.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-22T13:24:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-18T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for mingw-OpenEXR (FEDORA-2020-e244f22a51)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762"], "modified": "2020-05-20T00:00:00", "id": "OPENVAS:1361412562310877857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877857", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877857\");\n script_version(\"2020-05-20T02:28:18+0000\");\n script_cve_id(\"CVE-2020-11765\", \"CVE-2020-11764\", \"CVE-2020-11763\", \"CVE-2020-11762\", \"CVE-2020-11761\", \"CVE-2020-11760\", \"CVE-2020-11759\", \"CVE-2020-11758\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-20 02:28:18 +0000 (Wed, 20 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-18 03:24:19 +0000 (Mon, 18 May 2020)\");\n script_name(\"Fedora: Security Advisory for mingw-OpenEXR (FEDORA-2020-e244f22a51)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-e244f22a51\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-OpenEXR'\n package(s) announced via the FEDORA-2020-e244f22a51 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows OpenEXR library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-OpenEXR' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-OpenEXR\", rpm:\"mingw-OpenEXR~2.4.1~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-28T13:22:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openexr (openSUSE-SU-2020:0682-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11764", "CVE-2020-11762"], "modified": "2020-05-27T00:00:00", "id": "OPENVAS:1361412562310853164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853164", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853164\");\n script_version(\"2020-05-27T04:05:03+0000\");\n script_cve_id(\"CVE-2020-11758\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-27 04:05:03 +0000 (Wed, 27 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-23 03:00:42 +0000 (Sat, 23 May 2020)\");\n script_name(\"openSUSE: Security Advisory for openexr (openSUSE-SU-2020:0682-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0682-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openexr'\n package(s) announced via the openSUSE-SU-2020:0682-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openexr provides the following fix:\n\n Security issues fixed:\n\n - CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read\n function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n\n - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp (bsc#1169574).\n\n - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated\n by ImfTileOffsets.cpp (bsc#1169576).\n\n - CVE-2020-11762: Fixed an out-of-bounds read and write in\n DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the\n UNKNOWN compression case (bsc#1169549).\n\n - CVE-2020-11761: Fixed an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder:refill in\n ImfFastHuf.cpp (bsc#1169578).\n\n - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in\n rleUncompress in ImfRle.cpp (bsc#1169580).\n\n - CVE-2020-11758: Fixed an out-of-bounds read in\n ImfOptimizedPixelReading.h (bsc#1169573).\n\n Non-security issue fixed:\n\n - Enable tests when building the package on x86_64. (bsc#1146648)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-682=1\");\n\n script_tag(name:\"affected\", value:\"'openexr' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImf-2_2-23\", rpm:\"libIlmImf-2_2-23~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImf-2_2-23-debuginfo\", rpm:\"libIlmImf-2_2-23-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImfUtil-2_2-23\", rpm:\"libIlmImfUtil-2_2-23~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImfUtil-2_2-23-debuginfo\", rpm:\"libIlmImfUtil-2_2-23-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr\", rpm:\"openexr~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr-debuginfo\", rpm:\"openexr-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr-debugsource\", rpm:\"openexr-debugsource~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr-devel\", rpm:\"openexr-devel~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openexr-doc\", rpm:\"openexr-doc~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImf-2_2-23-32bit\", rpm:\"libIlmImf-2_2-23-32bit~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImf-2_2-23-32bit-debuginfo\", rpm:\"libIlmImf-2_2-23-32bit-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImfUtil-2_2-23-32bit\", rpm:\"libIlmImfUtil-2_2-23-32bit~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libIlmImfUtil-2_2-23-32bit-debuginfo\", rpm:\"libIlmImfUtil-2_2-23-32bit-debuginfo~2.2.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-22T13:26:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-18T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for mingw-ilmbase (FEDORA-2020-e244f22a51)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11765", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762"], "modified": "2020-05-20T00:00:00", "id": "OPENVAS:1361412562310877847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877847", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877847\");\n script_version(\"2020-05-20T02:28:18+0000\");\n script_cve_id(\"CVE-2020-11765\", \"CVE-2020-11764\", \"CVE-2020-11763\", \"CVE-2020-11762\", \"CVE-2020-11761\", \"CVE-2020-11760\", \"CVE-2020-11759\", \"CVE-2020-11758\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-20 02:28:18 +0000 (Wed, 20 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-18 03:24:01 +0000 (Mon, 18 May 2020)\");\n script_name(\"Fedora: Security Advisory for mingw-ilmbase (FEDORA-2020-e244f22a51)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-e244f22a51\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23DHUGWLZZKNI7KCIMYAEI3JJS3TMI6X\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-ilmbase'\n package(s) announced via the FEDORA-2020-e244f22a51 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows ilmbase library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-ilmbase' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-ilmbase\", rpm:\"mingw-ilmbase~2.4.1~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-06T01:15:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-04-28T00:00:00", "type": "openvas", "title": "Ubuntu: Security Advisory for openexr (USN-4339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2020-11761", "CVE-2017-9115", "CVE-2020-11763", "CVE-2020-11765", "CVE-2018-18444", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762"], "modified": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562310844403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844403", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844403\");\n script_version(\"2020-04-30T08:51:29+0000\");\n script_cve_id(\"CVE-2017-9111\", \"CVE-2017-9113\", \"CVE-2017-9115\", \"CVE-2018-18444\", \"CVE-2020-11758\", \"CVE-2020-11759\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 08:51:29 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-28 03:00:15 +0000 (Tue, 28 Apr 2020)\");\n script_name(\"Ubuntu: Security Advisory for openexr (USN-4339-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4339-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-April/005402.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openexr'\n package(s) announced via the USN-4339-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Brandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS.\n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 20.04 LTS.\n(CVE-2018-18444)\n\nSamuel Gro\u00df discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760,\nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service. (CVE-2020-11765)\");\n\n script_tag(name:\"affected\", value:\"'openexr' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libopenexr23\", ver:\"2.2.1-4.1ubuntu1.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openexr\", ver:\"2.2.1-4.1ubuntu1.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libopenexr22\", ver:\"2.2.0-11.1ubuntu1.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openexr\", ver:\"2.2.0-11.1ubuntu1.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libopenexr22\", ver:\"2.2.0-10ubuntu2.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openexr\", ver:\"2.2.0-10ubuntu2.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-05-15T16:52:50", "description": "MinGW Windows ilmbase library. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-16T03:40:00", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: mingw-ilmbase-2.4.1-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-16T03:40:00", "id": "FEDORA:9F70F610C901", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/23DHUGWLZZKNI7KCIMYAEI3JJS3TMI6X/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-15T16:52:50", "description": "MinGW Windows OpenEXR library. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-16T03:40:01", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: mingw-OpenEXR-2.4.1-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-16T03:40:01", "id": "FEDORA:03034610C904", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T15:26:38", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-04T01:21:10", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: webkit2gtk3-2.28.4-3.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-04T01:21:10", "id": "FEDORA:A56F0309448D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SJH3GWTEC5YTRI3G5YELXZAFZQ66ZYOZ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:26:38", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-07T01:09:26", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: webkit2gtk3-2.28.4-3.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-07T01:09:26", "id": "FEDORA:CBE8E30B452C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OUWSIKTH7SSMIRIJAIUN53IAW2P5BMTP/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:06:54", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2198-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2198-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2198-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139535);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2198-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9925/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202198-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?349b993e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2198=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2198=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2198=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2198=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2198=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2198=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:32:42", "description": "A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4444-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0"], "id": "UBUNTU_USN-4444-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4444-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139311);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\"\n );\n script_xref(name:\"USN\", value:\"4444-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4444-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"A large number of security issues were discovered in the WebKitGTK Web\nand JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4444-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.4-0ubuntu0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:49", "description": "The following vulnerabilities have been discovered in the webkit2gtk web engine :\n\n - CVE-2020-9862 Ophir Lojkine discovered that copying a URL from the Web Inspector may lead to command injection.\n\n - CVE-2020-9893 0011 discovered that a remote attacker may be able to cause unexpected application termination or arbitrary code execution.\n\n - CVE-2020-9894 0011 discovered that a remote attacker may be able to cause unexpected application termination or arbitrary code execution.\n\n - CVE-2020-9895 Wen Xu discovered that a remote attacker may be able to cause unexpected application termination or arbitrary code execution.\n\n - CVE-2020-9915 Ayoub Ait Elmokhtar discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.\n\n - CVE-2020-9925 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting.", "cvss3": {}, "published": "2020-08-04T00:00:00", "type": "nessus", "title": "Debian DSA-4739-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4739.NASL", "href": "https://www.tenable.com/plugins/nessus/139298", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4739. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139298);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"DSA\", value:\"4739\");\n\n script_name(english:\"Debian DSA-4739-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2020-9862\n Ophir Lojkine discovered that copying a URL from the Web\n Inspector may lead to command injection.\n\n - CVE-2020-9893\n 0011 discovered that a remote attacker may be able to\n cause unexpected application termination or arbitrary\n code execution.\n\n - CVE-2020-9894\n 0011 discovered that a remote attacker may be able to\n cause unexpected application termination or arbitrary\n code execution.\n\n - CVE-2020-9895\n Wen Xu discovered that a remote attacker may be able to\n cause unexpected application termination or arbitrary\n code execution.\n\n - CVE-2020-9915\n Ayoub Ait Elmokhtar discovered that processing\n maliciously crafted web content may prevent Content\n Security Policy from being enforced.\n\n - CVE-2020-9925\n An anonymous researcher discovered that processing\n maliciously crafted web content may lead to universal\n cross site scripting.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4739\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.28.4-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.28.4-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:09:07", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1275)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1275.NASL", "href": "https://www.tenable.com/plugins/nessus/140023", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1275.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140023);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1275)\");\n script_summary(english:\"Check for the openSUSE-2020-1275 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk3-lang-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit-jsc-4-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit-jsc-4-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-debugsource-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-devel-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:19", "description": "This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\n - CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n\n - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n\n - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n\n - CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).\n\n - CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).\n\n - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).\n\n - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed :\n\n - Enable tests when building the package on x86_64.\n (bsc#1146648)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-05-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openexr (openSUSE-2020-682)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libilmimf-2_2-23", "p-cpe:/a:novell:opensuse:libilmimf-2_2-23-32bit", "p-cpe:/a:novell:opensuse:libilmimf-2_2-23-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libilmimf-2_2-23-debuginfo", "p-cpe:/a:novell:opensuse:libilmimfutil-2_2-23", "p-cpe:/a:novell:opensuse:libilmimfutil-2_2-23-32bit", "p-cpe:/a:novell:opensuse:libilmimfutil-2_2-23-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libilmimfutil-2_2-23-debuginfo", "p-cpe:/a:novell:opensuse:openexr", "p-cpe:/a:novell:opensuse:openexr-debuginfo", "p-cpe:/a:novell:opensuse:openexr-debugsource", "p-cpe:/a:novell:opensuse:openexr-devel", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-682.NASL", "href": "https://www.tenable.com/plugins/nessus/136880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-682.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136880);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2020-11758\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\");\n\n script_name(english:\"openSUSE Security Update : openexr (openSUSE-2020-682)\");\n script_summary(english:\"Check for the openSUSE-2020-682 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\n - CVE-2020-11765: Fixed an off-by-one error in use of the\n ImfXdr.h read function by\n DwaCompressor:Classifier:Classifier (bsc#1169575).\n\n - CVE-2020-11764: Fixed an out-of-bounds write in\n copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n\n - CVE-2020-11763: Fixed an out-of-bounds read and write,\n as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n\n - CVE-2020-11762: Fixed an out-of-bounds read and write in\n DwaCompressor:uncompress in ImfDwaCompressor.cpp when\n handling the UNKNOWN compression case (bsc#1169549).\n\n - CVE-2020-11761: Fixed an out-of-bounds read during\n Huffman uncompression, as demonstrated by\n FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).\n\n - CVE-2020-11760: Fixed an out-of-bounds read during RLE\n uncompression in rleUncompress in ImfRle.cpp\n (bsc#1169580).\n\n - CVE-2020-11758: Fixed an out-of-bounds read in\n ImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed :\n\n - Enable tests when building the package on x86_64.\n (bsc#1146648)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169580\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected openexr packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImf-2_2-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImf-2_2-23-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImf-2_2-23-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImf-2_2-23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImfUtil-2_2-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImfUtil-2_2-23-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImfUtil-2_2-23-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libIlmImfUtil-2_2-23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openexr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openexr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openexr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libIlmImf-2_2-23-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libIlmImf-2_2-23-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libIlmImfUtil-2_2-23-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"openexr-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"openexr-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"openexr-debugsource-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"openexr-devel-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libIlmImf-2_2-23-32bit-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-lp151.4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libIlmImf-2_2-23 / libIlmImf-2_2-23-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:44", "description": "This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\nCVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n\nCVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n\nCVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n\nCVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).\n\nCVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).\n\nCVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).\n\nCVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed :\n\nEnable tests when building the package on x86_64. (bsc#1146648)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2020:1293-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libilmimf-2_2", "p-cpe:/a:novell:suse_linux:libilmimf-2_2-23", "p-cpe:/a:novell:suse_linux:libilmimf-2_2-23-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libilmimf-2_2-23-debuginfo", "p-cpe:/a:novell:suse_linux:libilmimfutil-2_2", "p-cpe:/a:novell:suse_linux:libilmimfutil-2_2-23", "p-cpe:/a:novell:suse_linux:libilmimfutil-2_2-23-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libilmimfutil-2_2-23-debuginfo", "p-cpe:/a:novell:suse_linux:openexr", "p-cpe:/a:novell:suse_linux:openexr-debuginfo", "p-cpe:/a:novell:suse_linux:openexr-debugsource", "p-cpe:/a:novell:suse_linux:openexr-devel", "p-cpe:/a:novell:suse_linux:openexr-doc", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1293-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1293-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136787);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-11758\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2020:1293-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\nCVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read\nfunction by DwaCompressor:Classifier:Classifier (bsc#1169575).\n\nCVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in\nImfMisc.cpp (bsc#1169574).\n\nCVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated\nby ImfTileOffsets.cpp (bsc#1169576).\n\nCVE-2020-11762: Fixed an out-of-bounds read and write in\nDwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the\nUNKNOWN compression case (bsc#1169549).\n\nCVE-2020-11761: Fixed an out-of-bounds read during Huffman\nuncompression, as demonstrated by FastHufDecoder:refill in\nImfFastHuf.cpp (bsc#1169578).\n\nCVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression\nin rleUncompress in ImfRle.cpp (bsc#1169580).\n\nCVE-2020-11758: Fixed an out-of-bounds read in\nImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed :\n\nEnable tests when building the package on x86_64. (bsc#1146648)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11760/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11761/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11762/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11763/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11764/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11765/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201293-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cee210de\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1293=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1293=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11765\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImf-2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImf-2_2-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImf-2_2-23-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImf-2_2-23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImfUtil-2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImfUtil-2_2-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImfUtil-2_2-23-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImfUtil-2_2-23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openexr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openexr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openexr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openexr-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libIlmImf-2_2-23-32bit-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libIlmImf-2_2-23-32bit-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libIlmImfUtil-2_2-23-32bit-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libIlmImf-2_2-23-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libIlmImf-2_2-23-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libIlmImfUtil-2_2-23-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openexr-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openexr-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openexr-debugsource-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openexr-devel-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openexr-doc-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libIlmImf-2_2-23-32bit-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libIlmImf-2_2-23-32bit-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libIlmImfUtil-2_2-23-32bit-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libIlmImf-2_2-23-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libIlmImf-2_2-23-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libIlmImfUtil-2_2-23-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"openexr-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"openexr-debuginfo-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"openexr-debugsource-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"openexr-devel-2.2.1-3.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"openexr-doc-2.2.1-3.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openexr\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:28", "description": "Update to 2.28.4. Also, drop xdg-desktop-portal-gtk and geoclue2 from Requires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-04T00:00:00", "type": "nessus", "title": "Fedora 32 : webkit2gtk3 (2020-24b936a870)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-24B936A870.NASL", "href": "https://www.tenable.com/plugins/nessus/139299", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-24b936a870.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139299);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"FEDORA\", value:\"2020-24b936a870\");\n\n script_name(english:\"Fedora 32 : webkit2gtk3 (2020-24b936a870)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.4. Also, drop xdg-desktop-portal-gtk and geoclue2 from\nRequires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895,\nCVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-24b936a870\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"webkit2gtk3-2.28.4-3.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:46", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-08-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1256)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1256.NASL", "href": "https://www.tenable.com/plugins/nessus/139896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1256.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139896);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1256)\");\n script_summary(english:\"Check for the openSUSE-2020-1256 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk3-lang-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-debugsource-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-devel-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:39", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2199-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2199-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2199-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139536);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2199-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9925/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202199-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ac74cd8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2199=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2199=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-3.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:45", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2232-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2232-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2232-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139593);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2232-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9925/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202232-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af6babc9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2232=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2232=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2232=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2232=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2232=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2232=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2232=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2232=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:25", "description": "Update to 2.28.4. Also, drop xdg-desktop-portal-gtk and geoclue2 from Requires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-07T00:00:00", "type": "nessus", "title": "Fedora 31 : webkit2gtk3 (2020-a496a39b00)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-A496A39B00.NASL", "href": "https://www.tenable.com/plugins/nessus/139391", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a496a39b00.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139391);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"FEDORA\", value:\"2020-a496a39b00\");\n\n script_name(english:\"Fedora 31 : webkit2gtk3 (2020-a496a39b00)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.4. Also, drop xdg-desktop-portal-gtk and geoclue2 from\nRequires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895,\nCVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a496a39b00\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"webkit2gtk3-2.28.4-3.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:22", "description": "The remote host is affected by the vulnerability described in GLSA-202007-61 (WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-08-03T00:00:00", "type": "nessus", "title": "GLSA-202007-61 : WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202007-61.NASL", "href": "https://www.tenable.com/plugins/nessus/139269", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202007-61.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139269);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"GLSA\", value:\"202007-61\");\n\n script_name(english:\"GLSA-202007-61 : WebKitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-61\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202007-61\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.28.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.28.4\"), vulnerable:make_list(\"lt 2.28.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:06", "description": "This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\nCVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n\nCVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n\nCVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).\n\nCVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).\n\nNon-security issue fixed :\n\nEnable tests when building the package on x86_64. (bsc#1146648)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openexr (SUSE-SU-2020:1292-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-05-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libilmimf-imf_2_1", "p-cpe:/a:novell:suse_linux:libilmimf-imf_2_1-21-debuginfo", "p-cpe:/a:novell:suse_linux:openexr", "p-cpe:/a:novell:suse_linux:openexr-debuginfo", "p-cpe:/a:novell:suse_linux:openexr-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1292-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136786", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1292-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136786);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/26\");\n\n script_cve_id(\"CVE-2020-11758\", \"CVE-2020-11760\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n\n script_name(english:\"SUSE SLES12 Security Update : openexr (SUSE-SU-2020:1292-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openexr provides the following fix :\n\nSecurity issues fixed :\n\nCVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in\nImfMisc.cpp (bsc#1169574).\n\nCVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated\nby ImfTileOffsets.cpp (bsc#1169576).\n\nCVE-2020-11758: Fixed an out-of-bounds read in\nImfOptimizedPixelReading.h (bsc#1169573).\n\nCVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression\nin rleUncompress in ImfRle.cpp (bsc#1169580).\n\nNon-security issue fixed :\n\nEnable tests when building the package on x86_64. (bsc#1146648)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11760/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11763/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11764/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201292-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74db7ae0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-1292=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP4-2020-1292=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1292=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1292=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1292=1\n\nSUSE Linux Enterprise Server 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1292=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImf-Imf_2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libIlmImf-Imf_2_1-21-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openexr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openexr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libIlmImf-Imf_2_1-21-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openexr-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openexr-debuginfo-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openexr-debugsource-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libIlmImf-Imf_2_1-21-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openexr-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openexr-debuginfo-2.1.0-6.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openexr-debugsource-2.1.0-6.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openexr\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:25:05", "description": "Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)\n\nSamuel Gross discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service.\n(CVE-2020-11765).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-28T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenEXR vulnerabilities (USN-4339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2017-9115", "CVE-2018-18444", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libopenexr22", "p-cpe:/a:canonical:ubuntu_linux:libopenexr24", "p-cpe:/a:canonical:ubuntu_linux:openexr", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libopenexr-dev"], "id": "UBUNTU_USN-4339-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136028", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4339-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136028);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2017-9111\",\n \"CVE-2017-9113\",\n \"CVE-2017-9115\",\n \"CVE-2018-18444\",\n \"CVE-2020-11758\",\n \"CVE-2020-11759\",\n \"CVE-2020-11760\",\n \"CVE-2020-11761\",\n \"CVE-2020-11762\",\n \"CVE-2020-11763\",\n \"CVE-2020-11764\",\n \"CVE-2020-11765\"\n );\n script_xref(name:\"USN\", value:\"4339-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenEXR vulnerabilities (USN-4339-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Brandon Perry discovered that OpenEXR incorrectly handled certain\nmalformed EXR image files. If a user were tricked into opening a\ncrafted EXR image file, a remote attacker could cause a denial of\nservice, or possibly execute arbitrary code. This issue only applied\nto Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR\nimage file, a remote attacker could cause a denial of service, or\npossibly execute arbitrary code. This issue only applied to Ubuntu\n20.04 LTS. (CVE-2018-18444)\n\nSamuel Gross discovered that OpenEXR incorrectly handled certain\nmalformed EXR image files. If a user were tricked into opening a\ncrafted EXR image file, a remote attacker could cause a denial of\nservice, or possibly execute arbitrary code. (CVE-2020-11758,\nCVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762,\nCVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR\nimage file, a remote attacker could cause a denial of service.\n(CVE-2020-11765).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4339-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr-dev\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libopenexr-dev', 'pkgver': '2.2.0-10ubuntu2.2'},\n {'osver': '16.04', 'pkgname': 'libopenexr22', 'pkgver': '2.2.0-10ubuntu2.2'},\n {'osver': '16.04', 'pkgname': 'openexr', 'pkgver': '2.2.0-10ubuntu2.2'},\n {'osver': '18.04', 'pkgname': 'libopenexr-dev', 'pkgver': '2.2.0-11.1ubuntu1.2'},\n {'osver': '18.04', 'pkgname': 'libopenexr22', 'pkgver': '2.2.0-11.1ubuntu1.2'},\n {'osver': '18.04', 'pkgname': 'openexr', 'pkgver': '2.2.0-11.1ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'libopenexr-dev', 'pkgver': '2.3.0-6ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libopenexr24', 'pkgver': '2.3.0-6ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'openexr', 'pkgver': '2.3.0-6ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenexr-dev / libopenexr22 / libopenexr24 / openexr');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:27", "description": "Security Fix(es) :\n\n - OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n - OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n - OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)", "cvss3": {}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : OpenEXR on SL7.x x86_64 (20201001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openexr", "p-cpe:/a:fermilab:scientific_linux:openexr-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openexr-devel", "p-cpe:/a:fermilab:scientific_linux:openexr-libs", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201001_OPENEXR_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141748", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141748);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n\n script_name(english:\"Scientific Linux Security Update : OpenEXR on SL7.x x86_64 (20201001)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - OpenEXR: out-of-bounds read during Huffman uncompression\n (CVE-2020-11761)\n\n - OpenEXR: std::vector out-of-bounds read and write in\n ImfTileOffsets.cpp (CVE-2020-11763)\n\n - OpenEXR: out-of-bounds write in copyIntoFrameBuffer\n function in ImfMisc.cpp (CVE-2020-11764)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=18310\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b8350a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:OpenEXR-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"OpenEXR-1.7.1-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"OpenEXR-debuginfo-1.7.1-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"OpenEXR-devel-1.7.1-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"OpenEXR-libs-1.7.1-8.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR / OpenEXR-debuginfo / OpenEXR-devel / OpenEXR-libs\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:24", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4039 advisory.\n\n - OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n - OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n - OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "CentOS 7 : OpenEXR (CESA-2020:4039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openexr", "p-cpe:/a:centos:centos:openexr-devel", "p-cpe:/a:centos:centos:openexr-libs", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-4039.NASL", "href": "https://www.tenable.com/plugins/nessus/141592", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4039 and\n# CentOS Errata and Security Advisory 2020:4039 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141592);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n script_xref(name:\"RHSA\", value:\"2020:4039\");\n\n script_name(english:\"CentOS 7 : OpenEXR (CESA-2020:4039)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4039 advisory.\n\n - OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n - OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n - OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012790.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?731d1534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenEXR, OpenEXR-devel and / or OpenEXR-libs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(22, 125, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR / OpenEXR-devel / OpenEXR-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:36:41", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has OpenEXR packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:openexr", "p-cpe:/a:zte:cgsl_core:openexr-devel", "p-cpe:/a:zte:cgsl_core:openexr-libs", "p-cpe:/a:zte:cgsl_main:openexr", "p-cpe:/a:zte:cgsl_main:openexr-devel", "p-cpe:/a:zte:cgsl_main:openexr-libs", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0149_OPENEXR.NASL", "href": "https://www.tenable.com/plugins/nessus/154562", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0149. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154562);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has OpenEXR packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0149\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11761\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11763\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11764\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL OpenEXR packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'OpenEXR-1.7.1-8.el7',\n 'OpenEXR-devel-1.7.1-8.el7',\n 'OpenEXR-libs-1.7.1-8.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'OpenEXR-1.7.1-8.el7',\n 'OpenEXR-devel-1.7.1-8.el7',\n 'OpenEXR-libs-1.7.1-8.el7'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:17", "description": "Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.", "cvss3": {}, "published": "2020-08-31T00:00:00", "type": "nessus", "title": "Debian DSA-4755-1 : openexr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2017-9114", "CVE-2017-9115", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15305", "CVE-2020-15306"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openexr", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4755.NASL", "href": "https://www.tenable.com/plugins/nessus/140061", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4755. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140061);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/02\");\n\n script_cve_id(\"CVE-2017-9111\", \"CVE-2017-9113\", \"CVE-2017-9114\", \"CVE-2017-9115\", \"CVE-2020-11758\", \"CVE-2020-11759\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\", \"CVE-2020-15305\", \"CVE-2020-15306\");\n script_xref(name:\"DSA\", value:\"4755\");\n\n script_name(english:\"Debian DSA-4755-1 : openexr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were found in the OpenEXR image library,\nwhich could result in denial of service and potentially the execution\nof arbitrary code when processing malformed EXR image files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openexr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/openexr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4755\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the openexr packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.2.1-4.1+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libopenexr-dev\", reference:\"2.2.1-4.1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenexr23\", reference:\"2.2.1-4.1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openexr\", reference:\"2.2.1-4.1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openexr-doc\", reference:\"2.2.1-4.1+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:05", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4039 advisory.\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : OpenEXR (ELSA-2020-4039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openexr", "p-cpe:/a:oracle:linux:openexr-devel", "p-cpe:/a:oracle:linux:openexr-libs"], "id": "ORACLELINUX_ELSA-2020-4039.NASL", "href": "https://www.tenable.com/plugins/nessus/141224", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4039.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141224);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n\n script_name(english:\"Oracle Linux 7 : OpenEXR (ELSA-2020-4039)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4039 advisory.\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-4039.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenEXR, OpenEXR-devel and / or OpenEXR-libs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OpenEXR-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR / OpenEXR-devel / OpenEXR-libs');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:29", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has OpenEXR packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0031)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0031_OPENEXR.NASL", "href": "https://www.tenable.com/plugins/nessus/147238", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0031. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147238);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0031)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has OpenEXR packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp. (CVE-2020-11764)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL OpenEXR packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'OpenEXR-1.7.1-8.el7',\n 'OpenEXR-devel-1.7.1-8.el7',\n 'OpenEXR-libs-1.7.1-8.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'OpenEXR-1.7.1-8.el7',\n 'OpenEXR-devel-1.7.1-8.el7',\n 'OpenEXR-libs-1.7.1-8.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:07", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1499 advisory.\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : OpenEXR (ALAS-2020-1499)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-10-29T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openexr", "p-cpe:/a:amazon:linux:openexr-debuginfo", "p-cpe:/a:amazon:linux:openexr-devel", "p-cpe:/a:amazon:linux:openexr-libs", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1499.NASL", "href": "https://www.tenable.com/plugins/nessus/141952", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1499.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141952);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/29\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n script_xref(name:\"ALAS\", value:\"2020-1499\");\n\n script_name(english:\"Amazon Linux 2 : OpenEXR (ALAS-2020-1499)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1499 advisory.\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp. (CVE-2020-11764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1499.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11764\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update OpenEXR' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:OpenEXR-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'OpenEXR-1.7.1-8.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'OpenEXR-1.7.1-8.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'OpenEXR-1.7.1-8.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'OpenEXR-debuginfo-1.7.1-8.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'OpenEXR-debuginfo-1.7.1-8.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'OpenEXR-debuginfo-1.7.1-8.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'OpenEXR-devel-1.7.1-8.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'OpenEXR-devel-1.7.1-8.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'OpenEXR-devel-1.7.1-8.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'OpenEXR-libs-1.7.1-8.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'OpenEXR-libs-1.7.1-8.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'OpenEXR-libs-1.7.1-8.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR / OpenEXR-debuginfo / OpenEXR-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:24:17", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4039 advisory.\n\n - OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n - OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n - OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenEXR (RHSA-2020:4039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openexr", "p-cpe:/a:redhat:enterprise_linux:openexr-devel", "p-cpe:/a:redhat:enterprise_linux:openexr-libs"], "id": "REDHAT-RHSA-2020-4039.NASL", "href": "https://www.tenable.com/plugins/nessus/141030", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4039. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141030);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2020-11761\", \"CVE-2020-11763\", \"CVE-2020-11764\");\n script_xref(name:\"RHSA\", value:\"2020:4039\");\n\n script_name(english:\"RHEL 7 : OpenEXR (RHSA-2020:4039)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4039 advisory.\n\n - OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n - OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n - OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1828990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1828995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1829002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenEXR, OpenEXR-devel and / or OpenEXR-libs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11764\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 125, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:OpenEXR-libs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-1.7.1-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-devel-1.7.1-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-libs-1.7.1-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR / OpenEXR-devel / OpenEXR-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:07:03", "description": "Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.2.0-11+deb9u1.\n\nWe recommend that you upgrade your openexr packages.\n\nFor the detailed security status of openexr please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-31T00:00:00", "type": "nessus", "title": "Debian DLA-2358-1 : openexr security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12596", "CVE-2017-9110", "CVE-2017-9111", "CVE-2017-9112", "CVE-2017-9113", "CVE-2017-9114", "CVE-2017-9115", "CVE-2017-9116", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15305", "CVE-2020-15306"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libopenexr-dev", "p-cpe:/a:debian:debian_linux:libopenexr22", "p-cpe:/a:debian:debian_linux:openexr", "p-cpe:/a:debian:debian_linux:openexr-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2358.NASL", "href": "https://www.tenable.com/plugins/nessus/140057", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2358-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140057);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/02\");\n\n script_cve_id(\"CVE-2017-12596\", \"CVE-2017-9110\", \"CVE-2017-9111\", \"CVE-2017-9112\", \"CVE-2017-9113\", \"CVE-2017-9114\", \"CVE-2017-9115\", \"CVE-2017-9116\", \"CVE-2020-11758\", \"CVE-2020-11759\", \"CVE-2020-11760\", \"CVE-2020-11761\", \"CVE-2020-11762\", \"CVE-2020-11763\", \"CVE-2020-11764\", \"CVE-2020-11765\", \"CVE-2020-15305\", \"CVE-2020-15306\");\n\n script_name(english:\"Debian DLA-2358-1 : openexr security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were found in the OpenEXR image library,\nwhich could result in denial of service and potentially the execution\nof arbitrary code when processing malformed EXR image files.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.2.0-11+deb9u1.\n\nWe recommend that you upgrade your openexr packages.\n\nFor the detailed security status of openexr please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openexr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openexr\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenexr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenexr22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openexr-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libopenexr-dev\", reference:\"2.2.0-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenexr22\", reference:\"2.2.0-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openexr\", reference:\"2.2.0-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openexr-doc\", reference:\"2.2.0-11+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:09", "description": "According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.(CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.(CVE-2020-11764)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : OpenEXR (EulerOS-SA-2020-2261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11763", "CVE-2020-11764"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openexr-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2261.NASL", "href": "https://www.tenable.com/plugins/nessus/142127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142127);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11763\",\n \"CVE-2020-11764\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : OpenEXR (EulerOS-SA-2020-2261)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the OpenEXR package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in OpenEXR before 2.4.1. There\n is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp.(CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There\n is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp.(CVE-2020-11764)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2261\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34fbf91a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenEXR packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"OpenEXR-libs-1.7.1-7.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-22T15:09:07", "description": "The remote host is affected by the vulnerability described in GLSA-202107-27 (OpenEXR: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202107-27 : OpenEXR: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15304", "CVE-2020-15305", "CVE-2020-15306", "CVE-2021-20296", "CVE-2021-3474", "CVE-2021-3475", "CVE-2021-3476", "CVE-2021-3477", "CVE-2021-3478", "CVE-2021-3479"], "modified": "2023-11-20T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openexr", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202107-27.NASL", "href": "https://www.tenable.com/plugins/nessus/157033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202107-27.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157033);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\n \"CVE-2020-11758\",\n \"CVE-2020-11759\",\n \"CVE-2020-11760\",\n \"CVE-2020-11761\",\n \"CVE-2020-11762\",\n \"CVE-2020-11763\",\n \"CVE-2020-11764\",\n \"CVE-2020-11765\",\n \"CVE-2020-15304\",\n \"CVE-2020-15305\",\n \"CVE-2020-15306\",\n \"CVE-2021-20296\",\n \"CVE-2021-3474\",\n \"CVE-2021-3475\",\n \"CVE-2021-3476\",\n \"CVE-2021-3477\",\n \"CVE-2021-3478\",\n \"CVE-2021-3479\"\n );\n script_xref(name:\"GLSA\", value:\"202107-27\");\n\n script_name(english:\"GLSA-202107-27 : OpenEXR: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202107-27\n(OpenEXR: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202107-27\");\n script_set_attribute(attribute:\"solution\", value:\n\"All OpenEXR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openexr-2.5.6'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3476\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3479\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openexr\", unaffected:make_list(\"ge 2.5.6\"), vulnerable:make_list(\"lt 2.5.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:07:30", "description": "According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.(CVE-2020-11764)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.(CVE-2020-11763)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : OpenEXR (EulerOS-SA-2021-1822)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11763", "CVE-2020-11764"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openexr-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1822.NASL", "href": "https://www.tenable.com/plugins/nessus/149143", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149143);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2020-11763\",\n \"CVE-2020-11764\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : OpenEXR (EulerOS-SA-2021-1822)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the OpenEXR package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in OpenEXR before 2.4.1. There\n is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp.(CVE-2020-11764)\n\n - An issue was discovered in OpenEXR before 2.4.1. There\n is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp.(CVE-2020-11763)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1822\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2acfe3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenEXR packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"OpenEXR-libs-1.7.1-7.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:09:04", "description": "According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. (CVE-2020-11758)\n\n - An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. (CVE-2020-11759)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. (CVE-2020-11760)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.\n (CVE-2020-11762)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. (CVE-2020-11765)\n\n - An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. (CVE-2020-15305)\n\n - An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. (CVE-2020-15306)\n\n - A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20296)\n\n - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.\n (CVE-2021-23215)\n\n - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. (CVE-2021-26260)\n\n - There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. (CVE-2021-3474)\n\n - There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. (CVE-2021-3475)\n\n - A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. (CVE-2021-3476)\n\n - There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. (CVE-2021-3477)\n\n - There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. (CVE-2021-3478)\n\n - There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. (CVE-2021-3479)\n\n - There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. (CVE-2021-3598)\n\n - There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. (CVE-2021-3605)\n\n - An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.\n This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. (CVE-2021-3933)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : OpenEXR (EulerOS-SA-2022-2475)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15305", "CVE-2020-15306", "CVE-2021-20296", "CVE-2021-23215", "CVE-2021-26260", "CVE-2021-3474", "CVE-2021-3475", "CVE-2021-3476", "CVE-2021-3477", "CVE-2021-3478", "CVE-2021-3479", "CVE-2021-3598", "CVE-2021-3605", "CVE-2021-3933"], "modified": "2023-10-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openexr-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2475.NASL", "href": "https://www.tenable.com/plugins/nessus/165850", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165850);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/10\");\n\n script_cve_id(\n \"CVE-2020-11758\",\n \"CVE-2020-11759\",\n \"CVE-2020-11760\",\n \"CVE-2020-11761\",\n \"CVE-2020-11762\",\n \"CVE-2020-11763\",\n \"CVE-2020-11764\",\n \"CVE-2020-11765\",\n \"CVE-2020-15305\",\n \"CVE-2020-15306\",\n \"CVE-2021-3474\",\n \"CVE-2021-3475\",\n \"CVE-2021-3476\",\n \"CVE-2021-3477\",\n \"CVE-2021-3478\",\n \"CVE-2021-3479\",\n \"CVE-2021-3598\",\n \"CVE-2021-3605\",\n \"CVE-2021-3933\",\n \"CVE-2021-20296\",\n \"CVE-2021-23215\",\n \"CVE-2021-26260\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : OpenEXR (EulerOS-SA-2022-2475)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in\n ImfOptimizedPixelReading.h. (CVE-2020-11758)\n\n - An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in\n CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write\n to an out-of-bounds pointer. (CVE-2020-11759)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression\n in rleUncompress in ImfRle.cpp. (CVE-2020-11760)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in\n DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.\n (CVE-2020-11762)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as\n demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp. (CVE-2020-11764)\n\n - An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read\n function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. (CVE-2020-11765)\n\n - An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in\n DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. (CVE-2020-15305)\n\n - An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer\n overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. (CVE-2020-15306)\n\n - A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker,\n that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL\n pointer dereference. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20296)\n\n - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in\n versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.\n (CVE-2021-23215)\n\n - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in\n versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This\n is a different flaw from CVE-2021-23215. (CVE-2021-26260)\n\n - There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR\n could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application\n availability. (CVE-2021-3474)\n\n - There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be\n processed by OpenEXR could cause an integer overflow, potentially leading to problems with application\n availability. (CVE-2021-3475)\n\n - A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker\n who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting\n application availability. (CVE-2021-3476)\n\n - There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker\n who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow,\n subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application\n availability. (CVE-2021-3477)\n\n - There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker\n able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The\n greatest impact of this flaw is to system availability. (CVE-2021-3478)\n\n - There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is\n able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory,\n resulting in an impact to system availability. (CVE-2021-3479)\n\n - There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker\n who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds\n read. The greatest risk from this flaw is to application availability. (CVE-2021-3598)\n\n - There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is\n able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The\n greatest risk from this flaw is to application availability. (CVE-2021-3605)\n\n - An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.\n This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with\n application stability or lead to other attack paths. (CVE-2021-3933)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2475\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35e2d207\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenEXR packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3476\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3933\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"OpenEXR-libs-2.2.0-15.h3.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:52:56", "description": "The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004, 10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. (CVE-2019-14899)\n\n - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)\n\n - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). (CVE-2019-20807)\n\n - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. (CVE-2014-9512)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2020-10-01T00:00:00", "type": "nessus", "title": "macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512", "CVE-2019-14899", "CVE-2019-19906", "CVE-2019-20807", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-12243", "CVE-2020-9799", "CVE-2020-9854", "CVE-2020-9863", "CVE-2020-9864", "CVE-2020-9865", "CVE-2020-9866", "CVE-2020-9868", "CVE-2020-9869", "CVE-2020-9870", "CVE-2020-9871", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9874", "CVE-2020-9875", "CVE-2020-9876", "CVE-2020-9877", "CVE-2020-9878", "CVE-2020-9879", "CVE-2020-9880", "CVE-2020-9881", "CVE-2020-9882", "CVE-2020-9883", "CVE-2020-9884", "CVE-2020-9885", "CVE-2020-9887", "CVE-2020-9888", "CVE-2020-9889", "CVE-2020-9890", "CVE-2020-9891", "CVE-2020-9892", "CVE-2020-9898", "CVE-2020-9899", "CVE-2020-9900", "CVE-2020-9901", "CVE-2020-9902", "CVE-2020-9904", "CVE-2020-9905", "CVE-2020-9906", "CVE-2020-9908", "CVE-2020-9913", "CVE-2020-9918", "CVE-2020-9919", "CVE-2020-9920", "CVE-2020-9921", "CVE-2020-9924", "CVE-2020-9927", "CVE-2020-9928", "CVE-2020-9929", "CVE-2020-9934", "CVE-2020-9935", "CVE-2020-9936", "CVE-2020-9937", "CVE-2020-9938", "CVE-2020-9939", "CVE-2020-9940", "CVE-2020-9980", "CVE-2020-9984", "CVE-2020-9985", "CVE-2020-9990", "CVE-2020-9994", "CVE-2020-9997"], "modified": "2022-11-21T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT211289.NASL", "href": "https://www.tenable.com/plugins/nessus/141100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141100);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/21\");\n\n script_cve_id(\n \"CVE-2014-9512\",\n \"CVE-2019-14899\",\n \"CVE-2019-19906\",\n \"CVE-2019-20807\",\n \"CVE-2020-9799\",\n \"CVE-2020-9854\",\n \"CVE-2020-9863\",\n \"CVE-2020-9864\",\n \"CVE-2020-9865\",\n \"CVE-2020-9866\",\n \"CVE-2020-9868\",\n \"CVE-2020-9869\",\n \"CVE-2020-9870\",\n \"CVE-2020-9871\",\n \"CVE-2020-9872\",\n \"CVE-2020-9873\",\n \"CVE-2020-9874\",\n \"CVE-2020-9875\",\n \"CVE-2020-9876\",\n \"CVE-2020-9877\",\n \"CVE-2020-9878\",\n \"CVE-2020-9879\",\n \"CVE-2020-9880\",\n \"CVE-2020-9881\",\n \"CVE-2020-9882\",\n \"CVE-2020-9883\",\n \"CVE-2020-9884\",\n \"CVE-2020-9885\",\n \"CVE-2020-9887\",\n \"CVE-2020-9888\",\n \"CVE-2020-9889\",\n \"CVE-2020-9890\",\n \"CVE-2020-9891\",\n \"CVE-2020-9892\",\n \"CVE-2020-9898\",\n \"CVE-2020-9899\",\n \"CVE-2020-9900\",\n \"CVE-2020-9901\",\n \"CVE-2020-9902\",\n \"CVE-2020-9904\",\n \"CVE-2020-9905\",\n \"CVE-2020-9906\",\n \"CVE-2020-9908\",\n \"CVE-2020-9913\",\n \"CVE-2020-9918\",\n \"CVE-2020-9919\",\n \"CVE-2020-9920\",\n \"CVE-2020-9921\",\n \"CVE-2020-9924\",\n \"CVE-2020-9927\",\n \"CVE-2020-9928\",\n \"CVE-2020-9929\",\n \"CVE-2020-9934\",\n \"CVE-2020-9935\",\n \"CVE-2020-9936\",\n \"CVE-2020-9937\",\n \"CVE-2020-9938\",\n \"CVE-2020-9939\",\n \"CVE-2020-9940\",\n \"CVE-2020-9980\",\n \"CVE-2020-9984\",\n \"CVE-2020-9985\",\n \"CVE-2020-9990\",\n \"CVE-2020-9994\",\n \"CVE-2020-9997\",\n \"CVE-2020-11758\",\n \"CVE-2020-11759\",\n \"CVE-2020-11760\",\n \"CVE-2020-11761\",\n \"CVE-2020-11762\",\n \"CVE-2020-11763\",\n \"CVE-2020-11764\",\n \"CVE-2020-11765\",\n \"CVE-2020-12243\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0053-S\");\n script_xref(name:\"APPLE-SA\", value:\"HT211289\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-07-15\");\n script_xref(name:\"IAVA\", value:\"2020-A-0539-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n\n script_name(english:\"macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004,\n10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple\nvulnerabilities, including the following:\n\n - A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious\n access point, or an adjacent user, to determine if a connected user is using a VPN, make positive\n inferences about the websites they are visiting, and determine the correct sequence and acknowledgement\n numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that\n is needed for an attacker to hijack active connections inside the VPN tunnel. (CVE-2019-14899)\n\n - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote\n denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an\n off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)\n\n - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands\n via scripting interfaces (e.g., Python, Ruby, or Lua). (CVE-2019-20807)\n\n - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the\n synchronization path. (CVE-2014-9512)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211289\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macos 10.13.6 Security Update 2020-004 / 10.14.6 Security Update 2020-004 / 10.15.6 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.15.5', 'min_version' : '10.15', 'fixed_build': '19G73', 'fixed_display' : 'macOS Catalina 10.15.6' },\n { 'max_version' : '10.13.6', 'min_version' : '10.13', 'fixed_build': '17G14019', 'fixed_display' : '10.13.6 Security Update 2020-004' },\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build': '18G6020', 'fixed_display' : '10.14.6 Security Update 2020-004' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-11-10T08:10:53", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n - Update to version 2.28.4 (bsc#1174662):\n + Fix several crashes and rendering issues.\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894,\n CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1256=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-25T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-25T00:00:00", "id": "OPENSUSE-SU-2020:1256-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DHP5PSRB6P6HQHCNMY75J76LLTLPQEB2/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T08:11:05", "description": "An update that solves 7 vulnerabilities and has one errata\n is now available.\n\nDescription:\n\n This update for openexr provides the following fix:\n\n Security issues fixed:\n\n - CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read\n function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in\n ImfMisc.cpp (bsc#1169574).\n - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated\n by ImfTileOffsets.cpp (bsc#1169576).\n - CVE-2020-11762: Fixed an out-of-bounds read and write in\n DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the\n UNKNOWN compression case (bsc#1169549).\n - CVE-2020-11761: Fixed an out-of-bounds read during Huffman\n uncompression, as demonstrated by FastHufDecoder:refill in\n ImfFastHuf.cpp (bsc#1169578).\n - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in\n rleUncompress in ImfRle.cpp (bsc#1169580).\n - CVE-2020-11758: Fixed an out-of-bounds read in\n ImfOptimizedPixelReading.h (bsc#1169573).\n\n Non-security issue fixed:\n\n - Enable tests when building the package on x86_64. (bsc#1146648)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-682=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-23T00:00:00", "type": "suse", "title": "Security update for openexr (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-23T00:00:00", "id": "OPENSUSE-SU-2020:0682-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UPIMHT3QWHTJ2S55J25KV3UTF3KXVI46/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-10T08:10:53", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n - Update to version 2.28.4 (bsc#1174662):\n + Fix several crashes and rendering issues.\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894,\n CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1275=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-28T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-28T00:00:00", "id": "OPENSUSE-SU-2020:1275-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HSYHJSOAT52BOF2K6K3RLYFHUAZSWXXJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-12-03T17:34:57", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.28.4\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-31T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-07-31T00:00:00", "id": "GLSA-202007-61", "href": "https://security.gentoo.org/glsa/202007-61", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:34:32", "description": "### Background\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light &amp; Magic for use in computer imaging applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenEXR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-07-11T00:00:00", "type": "gentoo", "title": "OpenEXR: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15304", "CVE-2020-15305", "CVE-2020-15306", "CVE-2021-20296", "CVE-2021-3474", "CVE-2021-3475", "CVE-2021-3476", "CVE-2021-3477", "CVE-2021-3478", "CVE-2021-3479"], "modified": "2021-07-11T00:00:00", "id": "GLSA-202107-27", "href": "https://security.gentoo.org/glsa/202107-27", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2023-12-03T10:49:12", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4739-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nAugust 03, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895\n CVE-2020-9915 CVE-2020-9925\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2020-9862\n\n Ophir Lojkine discovered that copying a URL from the Web Inspector\n may lead to command injection.\n\nCVE-2020-9893\n\n 0011 discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n\nCVE-2020-9894\n\n 0011 discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n\nCVE-2020-9895\n\n Wen Xu discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n\nCVE-2020-9915\n\n Ayoub Ait Elmokhtar discovered that processing maliciously crafted\n web content may prevent Content Security Policy from being\n enforced.\n\nCVE-2020-9925\n\n An anonymous researcher discovered that processing maliciously\n crafted web content may lead to universal cross site scripting.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.4-1~deb10u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\n\nFor the detailed security status of webkit2gtk please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-03T15:08:52", "type": "debian", "title": "[SECURITY] [DSA 4739-1] webkit2gtk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-03T15:08:52", "id": "DEBIAN:DSA-4739-1:5AEC6", "href": "https://lists.debian.org/debian-security-announce/2020/msg00147.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T21:39:33", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4739-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nAugust 03, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895\n CVE-2020-9915 CVE-2020-9925\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2020-9862\n\n Ophir Lojkine discovered that copying a URL from the Web Inspector\n may lead to command injection.\n\nCVE-2020-9893\n\n 0011 discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n\nCVE-2020-9894\n\n 0011 discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n\nCVE-2020-9895\n\n Wen Xu discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n\nCVE-2020-9915\n\n Ayoub Ait Elmokhtar discovered that processing maliciously crafted\n web content may prevent Content Security Policy from being\n enforced.\n\nCVE-2020-9925\n\n An anonymous researcher discovered that processing maliciously\n crafted web content may lead to universal cross site scripting.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.4-1~deb10u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\n\nFor the detailed security status of webkit2gtk please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-03T15:08:52", "type": "debian", "title": "[SECURITY] [DSA 4739-1] webkit2gtk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-03T15:08:52", "id": "DEBIAN:DSA-4739-1:90328", "href": "https://lists.debian.org/debian-security-announce/2020/msg00147.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T10:48:34", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4755-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 29, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openexr\nCVE ID : CVE-2017-9111 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 \n CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 \n CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 \n CVE-2020-15305 CVE-2020-15306\n\nMultiple security issues were found in the OpenEXR image library, which\ncould result in denial of service and potentially the execution of\narbitrary code when processing malformed EXR image files.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1.\n\nWe recommend that you upgrade your openexr packages.\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-29T17:35:55", "type": "debian", "title": "[SECURITY] [DSA 4755-1] openexr security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2017-9114", "CVE-2017-9115", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15305", "CVE-2020-15306"], "modified": "2020-08-29T17:35:55", "id": "DEBIAN:DSA-4755-1:22E9E", "href": "https://lists.debian.org/debian-security-announce/2020/msg00162.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:45:59", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2358-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ \nAugust 30, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : openexr\nVersion : 2.2.0-11+deb9u1\nCVE ID : CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 \n CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-12596 \n CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 \n CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 \n CVE-2020-15305 CVE-2020-15306\n\nMultiple security issues were found in the OpenEXR image library, which \ncould result in denial of service and potentially the execution of \narbitrary code when processing malformed EXR image files.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.2.0-11+deb9u1.\n\nWe recommend that you upgrade your openexr packages.\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-30T19:36:12", "type": "debian", "title": "[SECURITY] [DLA 2358-1] openexr security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12596", "CVE-2017-9110", "CVE-2017-9111", "CVE-2017-9112", "CVE-2017-9113", "CVE-2017-9114", "CVE-2017-9115", "CVE-2017-9116", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-15305", "CVE-2020-15306"], "modified": "2020-08-30T19:36:12", "id": "DEBIAN:DLA-2358-1:F7DB9", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-12-03T20:18:55", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nA large number of security issues were discovered in the WebKitGTK Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-03T00:00:00", "type": "ubuntu", "title": "WebKitGTK vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-08-03T00:00:00", "id": "USN-4444-1", "href": "https://ubuntu.com/security/notices/USN-4444-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T20:50:00", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 19.10 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * openexr \\- tools for the OpenEXR image format\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed \nEXR image files. If a user were tricked into opening a crafted EXR image \nfile, a remote attacker could cause a denial of service, or possibly \nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR \nimage files. If a user were tricked into opening a crafted EXR image file, \na remote attacker could cause a denial of service, or possibly execute \narbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2018-18444)\n\nSamuel Gro\u00df discovered that OpenEXR incorrectly handled certain malformed \nEXR image files. If a user were tricked into opening a crafted EXR image \nfile, a remote attacker could cause a denial of service, or possibly \nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, \nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR \nimage files. If a user were tricked into opening a crafted EXR image \nfile, a remote attacker could cause a denial of service. (CVE-2020-11765)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-27T00:00:00", "type": "ubuntu", "title": "OpenEXR vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2017-9115", "CVE-2018-18444", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-04-27T00:00:00", "id": "USN-4339-1", "href": "https://ubuntu.com/security/notices/USN-4339-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:19:11", "description": "\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\n\n* [CVE-2020-9862](https://security-tracker.debian.org/tracker/CVE-2020-9862)\nOphir Lojkine discovered that copying a URL from the Web Inspector\n may lead to command injection.\n* [CVE-2020-9893](https://security-tracker.debian.org/tracker/CVE-2020-9893)\n0011 discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n* [CVE-2020-9894](https://security-tracker.debian.org/tracker/CVE-2020-9894)\n0011 discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n* [CVE-2020-9895](https://security-tracker.debian.org/tracker/CVE-2020-9895)\nWen Xu discovered that a remote attacker may be able to cause\n unexpected application termination or arbitrary code execution.\n* [CVE-2020-9915](https://security-tracker.debian.org/tracker/CVE-2020-9915)\nAyoub Ait Elmokhtar discovered that processing maliciously crafted\n web content may prevent Content Security Policy from being\n enforced.\n* [CVE-2020-9925](https://security-tracker.debian.org/tracker/CVE-2020-9925)\nAn anonymous researcher discovered that processing maliciously\n crafted web content may lead to universal cross site scripting.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.4-1~deb10u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/webkit2gtk](https://security-tracker.debian.org/tracker/webkit2gtk)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-03T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862", "CVE-2020-9952", "CVE-2020-9894", "CVE-2020-9925", "CVE-2020-9895", "CVE-2020-9893", "CVE-2020-9915"], "modified": "2022-08-10T07:19:05", "id": "OSV:DSA-4739-1", "href": "https://osv.dev/vulnerability/DSA-4739-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:07:07", "description": "\nMultiple security issues were found in the OpenEXR image library, which\ncould result in denial of service and potentially the execution of\narbitrary code when processing malformed EXR image files.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1.\n\n\nWe recommend that you upgrade your openexr packages.\n\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/openexr](https://security-tracker.debian.org/tracker/openexr)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-08-29T00:00:00", "type": "osv", "title": "openexr - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2020-11761", "CVE-2017-9115", "CVE-2020-11763", "CVE-2020-11765", "CVE-2018-18444", "CVE-2020-15305", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762", "CVE-2020-15306"], "modified": "2022-08-10T07:07:03", "id": "OSV:DSA-4755-1", "href": "https://osv.dev/vulnerability/DSA-4755-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:55", "description": "\nMultiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.2.0-11+deb9u1.\n\n\nWe recommend that you upgrade your openexr packages.\n\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/openexr>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-08-30T00:00:00", "type": "osv", "title": "openexr - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9111", "CVE-2017-9112", "CVE-2017-9113", "CVE-2020-11761", "CVE-2017-9110", "CVE-2017-12596", "CVE-2017-9115", "CVE-2020-11763", "CVE-2020-11765", "CVE-2018-18444", "CVE-2020-15305", "CVE-2020-11758", "CVE-2020-11760", "CVE-2020-11759", "CVE-2020-11764", "CVE-2020-11762", "CVE-2017-9114", "CVE-2017-9116", "CVE-2020-15306"], "modified": "2022-08-05T05:18:52", "id": "OSV:DLA-2358-1", "href": "https://osv.dev/vulnerability/DLA-2358-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-12-03T17:16:55", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)\n\nSamuel Gro\u00df discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765)\n\nCVEs contained in this USN include: CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.177.0\n * CF Deployment \n * All versions prior to v13.0.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.177.0 or greater\n * CF Deployment \n * Upgrade All versions to v13.0.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4339-1/>)\n * [CVE-2017-9111](<https://vulners.com/cve/CVE-2017-9111>)\n * [CVE-2017-9113](<https://vulners.com/cve/CVE-2017-9113>)\n * [CVE-2017-9115](<https://vulners.com/cve/CVE-2017-9115>)\n * [CVE-2018-18444](<https://vulners.com/cve/CVE-2018-18444>)\n * [CVE-2020-11758](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11758>)\n * [CVE-2020-11759](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11759>)\n * [CVE-2020-11760](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11760>)\n * [CVE-2020-11761](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11761>)\n * [CVE-2020-11762](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11762>)\n * [CVE-2020-11763](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11763>)\n * [CVE-2020-11764](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11764>)\n * [CVE-2020-11765](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11765>)\n\n## History\n\n2020-04-27: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-14T00:00:00", "type": "cloudfoundry", "title": "USN-4339-1: OpenEXR vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9111", "CVE-2017-9113", "CVE-2017-9115", "CVE-2018-18444", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765"], "modified": "2020-05-14T00:00:00", "id": "CFOUNDRY:4AEB9642322F59DD0FC7546535E6E115", "href": "https://www.cloudfoundry.org/blog/usn-4339-1/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "googleprojectzero": [{"lastseen": "2023-12-04T02:04:36", "description": "**Posted by Samuel Gro\u00df, Project Zero**\n\n** \n**\n\nThis blog post discusses an old type of issue, vulnerabilities in image format parsers, in a new(er) context: on interactionless code paths in popular messenger apps. This research was focused on the Apple ecosystem and the image parsing API provided by it: the ImageIO framework. Multiple vulnerabilities in image parsing code were found, reported to Apple or the respective open source image library maintainers, and subsequently fixed. During this research, a lightweight and low-overhead guided fuzzing approach for closed source binaries was implemented and is released alongside this blogpost.\n\n** \n**\n\nTo reiterate an important point, the vulnerabilities described throughout this blog are reachable through popular messengers but are not part of their codebase. It is thus not the responsibility of the messenger vendors to fix them. \n\n## Introduction\n\n** \n**\n\nWhile reverse engineering popular messenger apps, I came across the following code (manually decompiled into ObjC and slightly simplified) on a code path reachable without user interaction:\n\n** \n**\n\nNSData* payload = [handler decryptData:encryptedDataFromSender, ...];\n\nif (isImagePayload) {\n\nUIImage* img = [UIImage imageWithData:payload];\n\n...;\n\n}\n\n** \n**\n\nThis code decrypts binary data received as part of an incoming message from the sender and instantiates a [UIImage](<https://developer.apple.com/documentation/uikit/uiimage?language=objc>) instance from it. The UIImage constructor will then try to determine the image format automatically. Afterwards, the received image is passed to the following code:\n\n** \n**\n\nCGImageRef cgImage = [image CGImage];\n\nCGColorSpaceRef colorSpace = CGColorSpaceCreateDeviceRGB();\n\nCGContextRef cgContext = CGBitmapContextCreate(0, thumbnailWidth, thumbnailHeight, ...);\n\nCGContextDrawImage(cgContext, cgImage, ...);\n\nCGImageRef outImage = CGBitmapContextCreateImage(cgContext);\n\nUIImage* thumbnail = [UIImage imageWithCGImage:outImage];\n\n** \n** \n\n\nThe purpose of this code is to render a smaller sized version of the input image for use as a thumbnail in a notification for the user. Unsurprisingly, similar code can be found in other messenger apps as well. In essence, code like the one shown above turns Apple\u2019s UIImage image parsing and CoreGraphics image rendering code into 0click attack surface.\n\n** \n**\n\nOne of the insights gained from [developing an exploit for an iMessage vulnerability](<https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html>) was that a memory corruption vulnerability could likely be exploited using the described techniques if the following preconditions are met:\n\n** \n**\n\n 1. A form of automatic delivery receipt sent from the same process handling the messages\n\n 2. Per-boot ASLR of at least some memory mappings\n\n 3. Automatically restarting services\n\n** \n**\n\nIn that case, the vulnerability could for example be used to corrupt a pointer to an ObjC object (or something similar), then construct a crash oracle to bypass ASLR, then gain code execution afterwards.\n\n** \n**\n\nAll preconditions are satisfied in the current attack scenario, thus prompting some research into the robustness of the exposed image parsing code. Looking into the [documentation of UImage](<https://developer.apple.com/documentation/uikit/uiimage?language=objc>), the following sentence can be found: \u201cYou use image objects to represent image data of all kinds, and the UIImage class is capable of managing data for all image formats supported by the underlying platform\u201d. As such, the next step was determining exactly what image formats were supported by the underlying platform.\n\n** \n**\n\n## An Introduction to ImageIO.framework\n\n** \n**\n\nParsing of image data passed to UIImage is implemented in the ImageIO framework. As such, the supported image formats can be enumerated by reverse engineering the ImageIO library (/System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO on macOS or part of the dyld_shared_cache on iOS).\n\n** \n**\n\nIn the ImageIO framework, every supported image format has a dedicated IIO_Reader subclass for it. Each IIO_Reader subclass is expected to implement a testHeader function which, when given a chunk of bytes, should decide whether these bytes represent an image in the format supported by the reader. An example implementation of the testHeader implementation for the LibJPEG reader is shown below. It simply tests a few bytes of the input to detect the JPEG header magic.\n\n** \n**\n\nbool IIO_Reader_LibJPEG::testHeader(IIO_Reader_LibJPEG *this, const unsigned __int8 *a2, unsigned __int64 a3, const __CFString *a4)\n\n{\n\nreturn *a2 == 0xFF &amp;&amp; a2[1] == 0xD8 &amp;&amp; a2[2] == 0xFF;\n\n}\n\n** \n**\n\nBy listing the different testHeader implementations, it thus becomes possible to compile a list of file formats supported by the ImageIO library. The list is as follows:\n\n** \n**\n\nIIORawCamera_Reader::testHeader\n\nIIO_Reader_AI::testHeader\n\nIIO_Reader_ASTC::testHeader\n\nIIO_Reader_ATX::testHeader\n\nIIO_Reader_AppleJPEG::testHeader\n\nIIO_Reader_BC::testHeader\n\nIIO_Reader_BMP::testHeader\n\nIIO_Reader_CUR::testHeader\n\nIIO_Reader_GIF::testHeader\n\nIIO_Reader_HEIF::testHeader\n\nIIO_Reader_ICNS::testHeader\n\nIIO_Reader_ICO::testHeader\n\nIIO_Reader_JP2::testHeader\n\nIIO_Reader_KTX::testHeader\n\nIIO_Reader_LibJPEG::testHeader\n\nIIO_Reader_MPO::testHeader\n\nIIO_Reader_OpenEXR::testHeader\n\nIIO_Reader_PBM::testHeader\n\nIIO_Reader_PDF::testHeader\n\nIIO_Reader_PICT::testHeader (macOS only)\n\nIIO_Reader_PNG::testHeader\n\nIIO_Reader_PSD::testHeader\n\nIIO_Reader_PVR::testHeader\n\nIIO_Reader_RAD::testHeader\n\nIIO_Reader_SGI::testHeader (macOS only)\n\nIIO_Reader_TGA::testHeader\n\nIIO_Reader_TIFF::testHeader\n\n** \n**\n\nWhile this list contains many familiar formats (JPEG, PNG, GIF, \u2026) there are numerous rather exotic ones as well (KTX and ASTC, apparently used for textures or AI: Adobe Illustrator Artwork) and some that appear to be specific to the Apple ecosystem (ICNS for icons, ATX likely for Animojis)\n\n** \n**\n\nSupport for the different formats also varies. Some formats appear fully supported and are often implemented using what appear to be the open source parsing library which can be found in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources on macOS: libGIF.dylib, libJP2.dylib, libJPEG.dylib, libOpenEXR.dylib, libPng.dylib, libRadiance.dylib, and libTIFF.dylib. Other formats seem to have only rudimentary support for handling the most common cases.\n\n** \n**\n\nFinally, some formats (e.g. PSD), also appear to support out-of-process decoding (on macOS this is handled by /System/Library/Frameworks/ImageIO.framework/Versions/A/XPCServices/ImageIOXPCService.xpc) which can help sandbox vulnerabilities in the parsers. It does not, however, seem to be possible to specify whether parsing should be performed in-process or out-of-process in the public APIs, and no attempt was made to change the default behaviour.\n\n** \n**\n\n## Fuzzing Closed Source Image Parsers\n\n** \n**\n\nGiven the wide range of available image formats and the fact that no source code is available for the majority of the code, fuzzing seemed like the obvious choice. \n\n** \n**\n\nThe choice of which fuzzer and fuzzing approach to use was not so obvious. Since the majority of the target code was not open source, many standard tools were not directly applicable. Further, I had decided to limit fuzzing to a single Mac Mini for simplicity. Thus, the fuzzer should:\n\n 1. Run with as little overhead as possible to fully utilize the available compute resources, and\n\n 2. Make use some kind of code coverage guidance\n\nIn the end I decided to implement something myself on top of [Honggfuzz](<https://github.com/google/honggfuzz>). The idea for the fuzzing approach is loosely based on the paper: [Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing ](<https://arxiv.org/abs/1812.11875>)\n\nand achieves lightweight, low-overhead coverage guided fuzzing for closed source code by: \n\n** \n**\n\n 1. Enumerating the start offset of every basic block in the program/library. This is done with a simple IDAPython script\n\n 2. At runtime, in the fuzzed process, replacing the first byte of every undiscovered basic block with a breakpoint instruction (int3 on Intel). The original byte and the corresponding offset in the coverage bitmap are stored in a dedicated shadow memory mapping whose address can be computed from the address of the modified library, and\n\n 3. Installing a SIGTRAP handler that will:\n\n 1. Retrieve the faulting address and compute the offset in the library as well as the address of the corresponding entry in the shadow memory\n\n 2. Mark the basic block as found in the global coverage bitmap\n\n 3. Replace the breakpoint with the original byte\n\n 4. Resume execution\n\n** \n**\n\nAs only undiscovered basic blocks are instrumented and since every breakpoint is only triggered once, the runtime overhead quickly approaches zero. It should, however, be noted that this approach only achieves basic block coverage and not edge coverage as used for example by [AFL](<https://lcamtuf.coredump.cx/afl/>) and which, for closed source targets, can be achieved through [dynamic](<https://project.inria.fr/FranceJapanICST/files/2019/04/19-Kyoto-Fuzzing_Binaries_using_Dynamic_Instrumentation.pdf>) [binary](<https://github.com/googleprojectzero/winafl/blob/master/readme_dr.md>) [instrumentation](<https://youtu.be/fTNzylTMYks>) albeit with some performance overhead. It will thus be more \u201ccoarse grained\u201d and for example treat different transitions to the same basic block as equal whereas AFL would not. As such, this approach will likely find fewer vulnerabilities given the same number of iterations. I deemed this acceptable as the goal of this research was not to perform thorough discovery of all vulnerabilities but rather to quickly test the robustness of the image parsing code and highlight the attack vector. Thorough fuzzing, in any case, is always best performed by the maintainers with source code access.\n\n** \n**\n\nThe described approach was fairly easy to implement by patching honggfuzz\u2019s client instrumentation code and writing an IDAPython script to enumerate the basic block offsets. Both patch and IDAPython script can be found [here](<https://github.com/googleprojectzero/p0tools/tree/master/TrapFuzz>). \n\n** \n**\n\nThe fuzzer then started from a small corpus of around 700 seed images covering the supported image formats and ran for multiple weeks. In the end, the following vulnerabilities were identified:\n\n** \n**\n\n[P0 Issue 1952](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1952>)\n\nA bug in the usage of libTiff by ImageIO which caused controlled data to be written past the end of a memory buffer. No CVE was assigned for this issue likely because it had already been discovered internally by Apple before we reported it.\n\n** \n**\n\n[CVE-2020-3826/P0 Issue 1953](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1953>)\n\nAn out-of-bounds read on the heap when processing DDS images with invalid size parameters.\n\n** \n**\n\n[CVE-2020-3827/P0 Issue 1956](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1956>)\n\nAn out-of-bounds write on the heap when processing JPEG images with an optimized parser. \n\n** \n**\n\n[CVE-2020-3878/P0 Issue 1974](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1974>)\n\nPossibly an off-by-one error in the PVR decoding logic leading to an additional row of pixel data being written out-of-bounds past the end of the output buffer.\n\n** \n**\n\n[CVE-2020-3878/P0 Issue 1984](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1984>)\n\nA related bug in the PVR decoder leading to an out-of-bounds read which likely had the same root cause as P0 Issue 1974 and thus was assigned the same CVE number.\n\n** \n**\n\n[CVE-2020-3880/P0 Issue 1988](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1988>)\n\nAn out-of-bounds read during handling of OpenEXR images.\n\n** \n**\n\nThe last issue was somewhat special as it occurred in 3rd party code bundled with ImageIO, namely that of the [OpenEXR library](<https://github.com/AcademySoftwareFoundation/openexr>). As that library is open source, I decided to fuzz it separately as well. \n\n** \n**\n\n## OpenEXR\n\n** \n**\n\n[OpenEXR](<https://www.openexr.com/>) is \u201ca high dynamic-range (HDR) image file format [...] for use in computer imaging applications\u201d. The parser is implemented in C and C++ and can be found on [github](<https://github.com/AcademySoftwareFoundation/openexr>).\n\nAs described above, the OpenEXR library is exposed through Apple\u2019s ImageIO framework and therefore is exposed as a 0click attack surface through various popular messenger apps on Apple devices. It is likely that the attack surface is not limited to messaging apps, though I haven't conducted additional research to support that claim.\n\n** \n**\n\nAs the library is open source, \u201cconventional\u201d guided fuzzing is much easier to perform. I used a Google internal, coverage-guided fuzzer running on roughly 500 cores for around two weeks. The fuzzer was guided by edge coverage using llvm\u2019s [SanitizerCoverage](<https://clang.llvm.org/docs/SanitizerCoverage.html>) and generated new inputs by mutating existing ones using common binary mutation strategies and starting from a set of roughly 80 existing OpenEXR images as seeds. \n\n** \n**\n\nEight likely unique vulnerabilities were identified and reported as [P0 issue 1987](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1987>) to the OpenEXR maintainers, then fixed in the [2.4.1 release](<https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1>). They are briefly summarized next:\n\n** \n**\n\nCVE-2020-11764\n\nAn out-of-bounds write (of presumably image pixels) on the heap in the copyIntoFrameBuffer function.\n\n** \n**\n\nCVE-2020-11763\n\nA bug that caused a std::vector to be read out-ouf-bounds. Afterwards, the calling code would write into an element slot of this vector, thus likely corrupting memory.\n\n** \n**\n\nCVE-2020-11762\n\nAn out-of-bounds memcpy that was reading data out-of-bounds and afterwards potentially writing it out-of-bounds as well.\n\n** \n**\n\nCVE-2020-11760, CVE-2020-11761, CVE-2020-11758\n\nVarious out-of-bounds reads of pixel data and other data structures.\n\n** \n**\n\nCVE-2020-11765\n\nAn out-of-bounds read on the stack, likely due to an off-by-one error previously overwriting a string null terminator on the stack.\n\n** \n**\n\nCVE-2020-11759\n\nLikely an integer overflow issue leading to a write to a wild pointer.\n\n** \n**\n\nInterestingly, the crash initially found by the ImageIO fuzzer ([issue 1988](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1988>)) did not appear to be reproducible in the upstream OpenEXR library and was thus reported directly to Apple. A possible explanation is that Apple was shipping an outdated version of the OpenEXR library and the bug had been fixed upstream in the meantime.\n\n** \n**\n\n## Recommendations\n\n** \n**\n\nMedia format parsing remains an important issue. This was also demonstrated by other researchers and vendor advisories, with the two following coming immediately to mind:\n\n * [https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/](<https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/>)\n\n * [https://www.facebook.com/security/advisories/cve-2019-11931](<https://www.facebook.com/security/advisories/cve-2019-11931>)\n\n** \n**\n\nThis of course suggests that continuous fuzz-testing of input parsers should occur on the vendor/code maintainer side. Further, allowing clients of a library like ImageIO to restrict the allowed input formats and potentially to opt-in to out-of-process decoding can help prevent exploitation.\n\n** \n**\n\nOn the messenger side, one recommendation is to reduce the attack surface by restricting the receiver to a small number of supported image formats (at least for message previews that don\u2019t require interaction). In that case, the sender would then re-encode any unsupported image format prior to sending it to the receiver. In the case of ImageIO, that would reduce the attack surface from around 25 image formats down to just a handful or less.\n\n** \n**\n\n## Conclusion\n\nThis blog post described how image parsing code, as part of the operating system or third party libraries, end up being exposed to 0click attack surface through popular messengers. Fuzzing of the exposed code turned up numerous new vulnerabilities which have since been fixed. It is likely that, given enough effort (and exploit attempts granted due to automatically restarting services), some of the found vulnerabilities can be exploited for RCE in a 0click attack scenario. Unfortunately it is also likely that other bugs remain or will be introduced in the future. As such, continuous fuzz-testing of this and similar media format parsing code as well as aggressive attack-surface reduction, both in operating system libraries (in this case ImageIO) as well as messenger apps (by restricting the number of accepted image formats on the receiver) are recommended.\n\n \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-28T00:00:00", "type": "googleprojectzero", "title": "\nFuzzing ImageIO\n", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11931", "CVE-2020-11758", "CVE-2020-11759", "CVE-2020-11760", "CVE-2020-11761", "CVE-2020-11762", "CVE-2020-11763", "CVE-2020-11764", "CVE-2020-11765", "CVE-2020-3826", "CVE-2020-3827", "CVE-2020-3878", "CVE-2020-3880"], "modified": "2020-04-28T00:00:00", "id": "GOOGLEPROJECTZERO:8D97E6A853D0492A3F60FD23D695FB73", "href": "https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-12-03T19:56:07", "description": "**CentOS Errata and Security Advisory** CESA-2020:4039\n\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. \n\nSecurity Fix(es):\n\n* OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n* OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n* OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2020-October/032860.html\n\n**Affected packages:**\nOpenEXR\nOpenEXR-devel\nOpenEXR-libs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2020:4039", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-20T18:35:31", "type": "centos", "title": "OpenEXR security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-10-20T18:35:31", "id": "CESA-2020:4039", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032860.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2023-12-02T22:41:23", "description": "OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. \n\nSecurity Fix(es):\n\n* OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n* OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)\n\n* OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-09-29T07:53:49", "type": "redhat", "title": "(RHSA-2020:4039) Moderate: OpenEXR security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-09-29T09:41:34", "id": "RHSA-2020:4039", "href": "https://access.redhat.com/errata/RHSA-2020:4039", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2023-12-03T19:14:27", "description": "**Issue Overview:**\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763)\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\n \n**Affected Packages:** \n\n\nOpenEXR\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update OpenEXR_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 OpenEXR-1.7.1-8.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 OpenEXR-devel-1.7.1-8.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 OpenEXR-libs-1.7.1-8.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 OpenEXR-debuginfo-1.7.1-8.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 OpenEXR-1.7.1-8.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 OpenEXR-devel-1.7.1-8.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 OpenEXR-libs-1.7.1-8.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 OpenEXR-debuginfo-1.7.1-8.amzn2.0.1.i686 \n \n src: \n \u00a0\u00a0\u00a0 OpenEXR-1.7.1-8.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 OpenEXR-1.7.1-8.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 OpenEXR-devel-1.7.1-8.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 OpenEXR-libs-1.7.1-8.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 OpenEXR-debuginfo-1.7.1-8.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-11761](<https://access.redhat.com/security/cve/CVE-2020-11761>), [CVE-2020-11763](<https://access.redhat.com/security/cve/CVE-2020-11763>), [CVE-2020-11764](<https://access.redhat.com/security/cve/CVE-2020-11764>)\n\nMitre: [CVE-2020-11761](<https://vulners.com/cve/CVE-2020-11761>), [CVE-2020-11763](<https://vulners.com/cve/CVE-2020-11763>), [CVE-2020-11764](<https://vulners.com/cve/CVE-2020-11764>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-22T17:15:00", "type": "amazon", "title": "Medium: OpenEXR", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-10-22T22:43:00", "id": "ALAS2-2020-1499", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1499.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:00", "description": "[1.7.1-8]\n- fix CVE-2020-11764 (#1833552)\n- fix CVE-2020-11763 (#1833566)\n- fix CVE-2020-11761 (#1834461)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-10-06T00:00:00", "type": "oraclelinux", "title": "OpenEXR security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11761", "CVE-2020-11763", "CVE-2020-11764"], "modified": "2020-10-06T00:00:00", "id": "ELSA-2020-4039", "href": "http://linux.oracle.com/errata/ELSA-2020-4039.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-03T14:06:09", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one\nerror in use of the ImfXdr.h read function by\nDwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | possibly same commits as CVE-2020-11762, need to check\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T00:00:00", "type": "ubuntucve", "title": "CVE-2020-11765", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11762", "CVE-2020-11765"], "modified": "2020-04-14T00:00:00", "id": "UB:CVE-2020-11765", "href": "https://ubuntu.com/security/CVE-2020-11765", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:02:55", "description": "A logic issue was addressed with improved state management. This issue is\nfixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari\n13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for\nWindows 7.20. Processing maliciously crafted web content may lead to\nuniversal cross site scripting.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-07-29T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9925", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9925"], "modified": "2020-07-29T00:00:00", "id": "UB:CVE-2020-9925", "href": "https://ubuntu.com/security/CVE-2020-9925", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T14:02:56", "description": "An access issue existed in Content Security Policy. This issue was\naddressed with improved access restrictions. This issue is fixed in iOS\n13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes\n12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20.\nProcessing maliciously crafted web content may prevent Content Security\nPolicy from being enforced.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-07-29T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9915", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9915"], "modified": "2020-07-29T00:00:00", "id": "UB:CVE-2020-9915", "href": "https://ubuntu.com/security/CVE-2020-9915", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T14:02:55", "description": "An out-of-bounds read was addressed with improved input validation. This\nissue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8,\nSafari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud\nfor Windows 7.20. A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-07-29T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9894", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9894"], "modified": "2020-07-29T00:00:00", "id": "UB:CVE-2020-9894", "href": "https://ubuntu.com/security/CVE-2020-9894", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T14:02:56", "description": "A command injection issue existed in Web Inspector. This issue was\naddressed with improved escaping. This issue is fixed in iOS 13.6 and\niPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for\nWindows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL\nfrom Web Inspector may lead to command injection.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-29T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9862", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862"], "modified": "2020-07-29T00:00:00", "id": "UB:CVE-2020-9862", "href": "https://ubuntu.com/security/CVE-2020-9862", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:06:10", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nread during RLE uncompression in rleUncompress in ImfRle.cpp.\n\n#### Bugs\n\n * <https://bugs.chromium.org/p/project-zero/issues/detail?id=1987>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T00:00:00", "type": "ubuntucve", "title": "CVE-2020-11760", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11760"], "modified": "2020-04-14T00:00:00", "id": "UB:CVE-2020-11760", "href": "https://ubuntu.com/security/CVE-2020-11760", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:06:10", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nread in ImfOptimizedPixelReading.h.\n\n#### Bugs\n\n * <https://bugs.chromium.org/p/project-zero/issues/detail?id=1987>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T00:00:00", "type": "ubuntucve", "title": "CVE-2020-11758", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758"], "modified": "2020-04-14T00:00:00", "id": "UB:CVE-2020-11758", "href": "https://ubuntu.com/security/CVE-2020-11758", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:06:14", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nread and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when\nhandling the UNKNOWN compression case.\n\n#### Bugs\n\n * <https://bugs.chromium.org/p/project-zero/issues/detail?id=1987>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | need to check if commits are the right ones\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T00:00:00", "type": "ubuntucve", "title": "CVE-2020-11762", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11762"], "modified": "2020-04-14T00:00:00", "id": "UB:CVE-2020-11762", "href": "https://ubuntu.com/security/CVE-2020-11762", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:02:57", "description": "A use after free issue was addressed with improved memory management. This\nissue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8,\nSafari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud\nfor Windows 7.20. A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-29T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9893", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9893"], "modified": "2020-07-29T00:00:00", "id": "UB:CVE-2020-9893", "href": "https://ubuntu.com/security/CVE-2020-9893", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:02:55", "description": "A use after free issue was addressed with improved memory management. This\nissue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8,\nSafari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud\nfor Windows 7.20. A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-29T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9895", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9895"], "modified": "2020-07-29T00:00:00", "id": "UB:CVE-2020-9895", "href": "https://ubuntu.com/security/CVE-2020-9895", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:06:11", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nread during Huffman uncompression, as demonstrated by\nFastHufDecoder::refill in ImfFastHuf.cpp.\n\n#### Bugs\n\n * <https://bugs.chromium.org/p/project-zero/issues/detail?id=1987>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | need to check if commit is the right one\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T00:00:00", "type": "ubuntucve", "title": "CVE-2020-11761", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11761"], "modified": "2020-04-14T00:00:00", "id": "UB:CVE-2020-11761", "href": "https://ubuntu.com/security/CVE-2020-11761", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-12-02T17:39:56", "description": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-09-16T14:16:55", "type": "redhatcve", "title": "CVE-2020-9925", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9925"], "modified": "2023-04-06T07:45:21", "id": "RH:CVE-2020-9925", "href": "https://access.redhat.com/security/cve/cve-2020-9925", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T17:39:56", "description": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-09-16T14:17:36", "type": "redhatcve", "title": "CVE-2020-9915", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9915"], "modified": "2023-04-06T07:45:15", "id": "RH:CVE-2020-9915", "href": "https://access.redhat.com/security/cve/cve-2020-9915", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T17:39:56", "description": "A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-16T14:16:48", "type": "redhatcve", "title": "CVE-2020-9862", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862"], "modified": "2023-04-06T07:44:20", "id": "RH:CVE-2020-9862", "href": "https://access.redhat.com/security/cve/cve-2020-9862", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T17:39:55", "description": "An out-of-bounds read flaw was found in webkitgtk that affected WebKitGTK versions before 2.28.4 and WPE WebKit versions before 2.28.4. This flaw allows a remote attacker to cause unexpected application termination or arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-09-16T14:16:49", "type": "redhatcve", "title": "CVE-2020-9894", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9894"], "modified": "2023-04-06T07:44:45", "id": "RH:CVE-2020-9894", "href": "https://access.redhat.com/security/cve/cve-2020-9894", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T17:41:18", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-28T17:10:54", "type": "redhatcve", "title": "CVE-2020-11765", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11765"], "modified": "2023-04-06T07:46:37", "id": "RH:CVE-2020-11765", "href": "https://access.redhat.com/security/cve/cve-2020-11765", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-02T17:41:18", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-29T15:10:02", "type": "redhatcve", "title": "CVE-2020-11758", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758"], "modified": "2023-04-06T07:42:55", "id": "RH:CVE-2020-11758", "href": "https://access.redhat.com/security/cve/cve-2020-11758", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-02T17:41:19", "description": "An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-28T17:39:52", "type": "redhatcve", "title": "CVE-2020-11759", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11759"], "modified": "2023-04-06T07:43:05", "id": "RH:CVE-2020-11759", "href": "https://access.redhat.com/security/cve/cve-2020-11759", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-02T17:41:18", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-28T17:39:59", "type": "redhatcve", "title": "CVE-2020-11760", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11760"], "modified": "2023-04-06T07:43:15", "id": "RH:CVE-2020-11760", "href": "https://access.redhat.com/security/cve/cve-2020-11760", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-02T17:41:18", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-28T17:40:00", "type": "redhatcve", "title": "CVE-2020-11761", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11761"], "modified": "2023-04-06T07:43:35", "id": "RH:CVE-2020-11761", "href": "https://access.redhat.com/security/cve/cve-2020-11761", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-02T17:41:18", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-28T17:40:09", "type": "redhatcve", "title": "CVE-2020-11764", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11764"], "modified": "2023-04-06T07:44:27", "id": "RH:CVE-2020-11764", "href": "https://access.redhat.com/security/cve/cve-2020-11764", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-02T17:39:56", "description": "A flaw was found in webkitgtk in versions prior to 2.28.4 and in WPE WebKit in versions prior to 2.28.4. A use-after-free issue was found allowing a remote attacker to cause unexpected application termination or arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-16T14:16:54", "type": "redhatcve", "title": "CVE-2020-9895", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9895"], "modified": "2023-04-06T07:45:05", "id": "RH:CVE-2020-9895", "href": "https://access.redhat.com/security/cve/cve-2020-9895", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T17:41:18", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-28T17:40:07", "type": "redhatcve", "title": "CVE-2020-11762", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11762"], "modified": "2023-04-06T07:43:46", "id": "RH:CVE-2020-11762", "href": "https://access.redhat.com/security/cve/cve-2020-11762", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-02T17:39:56", "description": "A use-after-free issue was found in webkitgtk that affected WebKitGTK versions before 2.28.4 and WPE WebKit versions before 2.28.4. This flaw allows a remote attacker to cause unexpected application termination or arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-16T14:17:26", "type": "redhatcve", "title": "CVE-2020-9893", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9893"], "modified": "2023-04-06T07:44:51", "id": "RH:CVE-2020-9893", "href": "https://access.redhat.com/security/cve/cve-2020-9893", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-03T16:40:09", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9874", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9874"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9874", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:07", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9871", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9871"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9871", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9871", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:25", "description": "Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-16T17:15:00", "type": "cve", "title": "CVE-2020-9910", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9910"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9910", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9910", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:12", "description": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9883", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9883"], "modified": "2023-01-09T16:41:00", "cpe": ["cpe:/o:apple:mac_os_x:10.13.6", "cpe:/o:apple:macos:11.0.1", "cpe:/o:apple:mac_os_x:10.14.6"], "id": "CVE-2020-9883", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9883", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T16:40:24", "description": "A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-10-16T17:15:00", "type": "cve", "title": "CVE-2020-9916", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9916"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9916", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9916", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:08", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9872", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9872"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9872", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:10", "description": "An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9875", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9875"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9875", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9875", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:25", "description": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T19:15:00", "type": "cve", "title": "CVE-2020-9919", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9919"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9919", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9919", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:25", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9873", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9873"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9873", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9873", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:51", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T19:15:00", "type": "cve", "title": "CVE-2020-9984", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9984"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9984", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9984", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:11", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9879", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9879"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9879", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9879", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:11", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9876", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9876"], "modified": "2023-01-09T16:41:00", "cpe": ["cpe:/o:apple:mac_os_x:10.13.6", "cpe:/o:apple:macos:11.0.1", "cpe:/o:apple:mac_os_x:10.14.6"], "id": "CVE-2020-9876", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9876", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T16:40:09", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:15:00", "type": "cve", "title": "CVE-2020-9877", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9877"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9877", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9877", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:28", "description": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-10-16T17:15:00", "type": "cve", "title": "CVE-2020-9925", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9925"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9925", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9925", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:32", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T19:15:00", "type": "cve", "title": "CVE-2020-9938", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9938"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9938", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9938", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:24", "description": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-16T17:15:00", "type": "cve", "title": "CVE-2020-9915", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9915"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9915", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9915", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:37", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T19:15:00", "type": "cve", "title": "CVE-2020-9937", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9937"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9937", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9937", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T16:40:31", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-16T17:15:00", "type": "cve", "title": "CVE-2020-9936", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9936"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9936", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9936", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T14:57:44", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T23:15:00", "type": "cve", "title": "CVE-2020-11765", "cwe": ["CWE-193", "CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11765"], "modified": "2023-11-07T03:15:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:apple:mac_os_x:10.14.6", "cpe:/o:apple:mac_os_x:10.13.6", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2020-11765", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11765", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.13.6:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T16:40:16", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-10-16T17:15:00", "type": "cve", "title": "CVE-2020-9894", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9894"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9894", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-12-03T14:57:41", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T23:15:00", "type": "cve", "title": "CVE-2020-11758", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11758"], "modified": "2023-11-07T03:15:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:apple:mac_os_x:10.14.6", "cpe:/o:apple:mac_os_x:10.13.6", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2020-11758", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11758", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.13.6:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T16:40:04", "description": "A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-16T17:15:00", "type": "cve", "title": "CVE-2020-9862", "cwe": ["CWE-116", "CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9862"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9862", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9862", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T14:57:41", "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T23:15:00", "type": "cve", "title": "CVE-2020-11760", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11760"], "modified": "2023-11-07T03:15:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:apple:mac_os_x:10.14.6", "cpe:/o:apple:mac_os_x:10.13.6", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2020-11760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11760", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:57:41", "description": "An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-14T23:15:00", "type": "cve", "title": "CVE-2020-11759", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11759"], "modified": "2023-11-07T03:15:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:apple:mac_os_x:10.14.6", "cpe:/o:apple:mac_os_x:10.13.6", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2020-11759", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11759", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T16:40:15", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadO