var-202002-1480
Vulnerability from variot
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based Apple iCloud versions prior to 10.9.2 and 7.17; Windows-based iTunes versions prior to 12.10.4; tvOS versions prior to 13.3.1; Safari versions prior to 13.0.5; iOS 13.3 Versions prior to .1; versions prior to iPadOS 13.3.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901) An input validation issue was addressed with improved input validation. (CVE-2020-3902). Solution:
Download the release images via:
quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3
- Bugs fixed (https://bugzilla.redhat.com/):
1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display
- JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version
Bug Fix(es):
-
Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
-
The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251)
-
The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634)
-
[OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414)
-
The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991)
-
Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081)
-
[OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122)
-
Bugs fixed (https://bugzilla.redhat.com/):
1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary:
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)
Security Fix(es):
- webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: webkitgtk4-2.28.2-2.el7.src.rpm
x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: webkitgtk4-2.28.2-2.el7.src.rpm
x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: webkitgtk4-2.28.2-2.el7.src.rpm
ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm
ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm
s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm
x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm
s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: webkitgtk4-2.28.2-2.el7.src.rpm
x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. References:
https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z rNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01 RYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM XVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK R8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1 PWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467 eGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX rXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ 1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe PJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr w5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh PKg+HFNkMjk=dS3G -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-1-28-4 tvOS 13.3.1
tvOS 13.3.1 is now available and addresses the following:
Audio Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3870 CVE-2020-3878: Samuel Groß of Google Project Zero
IOAcceleratorFamily Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3837: Brandon Azad of Google Project Zero
IPSec Available for: Apple TV 4K and Apple TV HD Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: An off by one issue existed in the handling of racoon configuration files. CVE-2020-3840: @littlelailo
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2020-3875: Brandon Azad of Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of Cognite
Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to determine kernel memory layout Description: An access issue was addressed with improved memory management. CVE-2020-3836: Brandon Azad of Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3842: Ned Williamson working with Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3853: Brandon Azad of Google Project Zero
libxpc Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2020-3856: Ian Beer of Google Project Zero
libxpc Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-3868: Marcin Towalski of Cisco Talos
wifivelocityd Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2020-3838: Dayton Pidhirney (@_watbulb)
Additional recognition
IOSurface We would like to acknowledge Liang Chen (@chenliang0817) for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4whoIACgkQBz4uGe3y 0M0O1A//SCZ3xER+6ClBQJdJzWwsjmHI/Fwb5lod5uMRYxFx8T+xc0DT1KQV+cM6 HDjMO6vB0m9lc7ftwER09PnBnI8sZTnxfWckZV1LHX1Wss77wTI/thGZMB716rD8 ddUTcvMBwyLoI4qLg/DBXPb5ySshRXjXyoJ+DSbQ74iUssMhMrvP7j1OgdXximiq Ymjwd9q5gICNmtIPBu/dkx/bIPwgmTGPbDKfIUOPkqD2guxEf1lXTS+XaiYT2dKt LOYbtz5wVw82462BkV7dW2a0CZtom9NO/ro0h0dbl/QJI6Czpdq1V7oTY+csfm9N 2ouDc6MlxcKwBPncQUfHxXgWgodSG/syR/0gY2AX3YXwsVbGgo8DYdEKuGsB9DVZ bcvZPWPQl6tvsYw0JlKVzGLzIZiqQq88187lT2omY3AzRYW12+te8Aj2AGNhTyCI E/1YGwp9RYXNTsWD0Va4pf1a1r8+6F3m1GSkOmXEZRP4+MPu1/HmhCu7+uQXcVvF fahuZmJ0E4F6k0dkBbI619FuDl41dhhuEqZjkhObLcYYq3Uyrd5qx3Qbw7wj/r68 17Ni/+nAoNf70vu7lxsVth86NWgqbzlTErymZ/jfd3/87NAEPRL8y5fmFZt91AQt Ah4CGUBhIyRKcNoTBTgqzYUUE8jaQ3/HiAKKgwNboldqbNmQknA= =ZEol -----END PGP SIGNATURE----- . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHEA-2020:5633
All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state
-
8) - aarch64, ppc64le, s390x, x86_64
-
Bugs fixed (https://bugzilla.redhat.com/):
1207179 - Select items matching non existing pattern does not unselect already selected 1566027 - can't correctly compute contents size if hidden files are included 1569868 - Browsing samba shares using gvfs is very slow 1652178 - [RFE] perf-tool run on wayland 1656262 - The terminal's character display is unclear on rhel8 guest after installing gnome 1668895 - [RHEL8] Timedlogin Fails when Userlist is Disabled 1692536 - login screen shows after gnome-initial-setup 1706008 - Sound Effect sometimes fails to change to selected option. 1706076 - Automatic suspend for 90 minutes is set for 80 minutes instead. 1715845 - JS ERROR: TypeError: this._workspacesViews[i] is undefined 1719937 - GNOME Extension: Auto-Move-Windows Not Working Properly 1758891 - tracker-devel subpackage missing from el8 repos 1775345 - Rebase xdg-desktop-portal to 1.6 1778579 - Nautilus does not respect umask settings. 1779691 - Rebase xdg-desktop-portal-gtk to 1.6 1794045 - There are two different high contrast versions of desktop icons 1804719 - Update vte291 to 0.52.4 1805929 - RHEL 8.1 gnome-shell-extension errors 1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp 1814820 - No checkbox to install updates in the shutdown dialog 1816070 - "search for an application to open this file" dialog broken 1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution 1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1817143 - Rebase WebKitGTK to 2.28 1820759 - Include IO stall fixes 1820760 - Include IO fixes 1824362 - [BZ] Setting in gnome-tweak-tool Window List will reset upon opening 1827030 - gnome-settings-daemon: subscription notification on CentOS Stream 1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content 1832347 - [Rebase] Rebase pipewire to 0.3.x 1833158 - gdm-related dconf folders and keyfiles are not found in fresh 8.2 install 1837381 - Backport screen cast improvements to 8.3 1837406 - Rebase gnome-remote-desktop to PipeWire 0.3 version 1837413 - Backport changes needed by xdg-desktop-portal-gtk-1.6 1837648 - Vendor.conf should point to https://access.redhat.com/site/solutions/537113 1840080 - Can not control top bar menus via keys in Wayland 1840788 - [flatpak][rhel8] unable to build potrace as dependency 1843486 - Software crash after clicking Updates tab 1844578 - anaconda very rarely crashes at startup with a pygobject traceback 1846191 - usb adapters hotplug crashes gnome-shell 1847051 - JS ERROR: TypeError: area is null 1847061 - File search doesn't work under certain locales 1847062 - gnome-remote-desktop crash on QXL graphics 1847203 - gnome-shell: get_top_visible_window_actor(): gnome-shell killed by SIGSEGV 1853477 - CVE-2020-15503 LibRaw: lack of thumbnail size range check can lead to buffer overflow 1854734 - PipeWire 0.2 should be required by xdg-desktop-portal 1866332 - Remove obsolete libusb-devel dependency 1868260 - [Hyper-V][RHEL8] VM starts GUI failed on Hyper-V 2019/2016, hangs at "Started GNOME Display Manager" - GDM regression issue.
For the stable distribution (buster), these problems have been fixed in version 2.26.4-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages. Description:
Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-1480",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.3.1"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.10.4"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0.5"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.3.1"
},
{
"model": "icloud",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0"
},
{
"model": "icloud",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.8"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.17"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.3.1"
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.17 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.3.1 \u672a\u6e80 (apple tv hd)"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.3.1 \u672a\u6e80 (apple tv 4k)"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 10.9.2 \u672a\u6e80 (windows 10 \u4ee5\u964d)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"db": "NVD",
"id": "CVE-2020-3868"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:opensuse_project:leap",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "168011"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-3868",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-002340",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-181993",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3868",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002340",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3868",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-002340",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1451",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181993",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-3868",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181993"
},
{
"db": "VULMON",
"id": "CVE-2020-3868"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1451"
},
{
"db": "NVD",
"id": "CVE-2020-3868"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based Apple iCloud versions prior to 10.9.2 and 7.17; Windows-based iTunes versions prior to 12.10.4; tvOS versions prior to 13.3.1; Safari versions prior to 13.0.5; iOS 13.3 Versions prior to .1; versions prior to iPadOS 13.3.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)\nWebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601)\nAn out-of-bounds read was addressed with improved input validation. (CVE-2019-8644)\nA logic issue existed in the handling of synchronous page loads. (CVE-2019-8689)\nA logic issue existed in the handling of document loads. (CVE-2019-8719)\nThis fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766)\n\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)\nAn issue existed in the drawing of web page elements. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)\nThis issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846)\nWebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)\nA use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)\nA race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901)\nAn input validation issue was addressed with improved input validation. (CVE-2020-3902). Solution:\n\nDownload the release images via:\n\nquay.io/redhat/quay:v3.3.3\nquay.io/redhat/clair-jwt:v3.3.3\nquay.io/redhat/quay-builder:v3.3.3\nquay.io/redhat/clair:v3.3.3\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1905758 - CVE-2020-27831 quay: email notifications authorization bypass\n1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1124 - NVD feed is broken for latest Clair v2 version\n\n6. \n\nBug Fix(es):\n\n* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)\n\n* The compliancesuite object returns error with ocp4-cis tailored profile\n(BZ#1902251)\n\n* The compliancesuite does not trigger when there are multiple rhcos4\nprofiles added in scansettingbinding object (BZ#1902634)\n\n* [OCP v46] Not all remediations get applied through machineConfig although\nthe status of all rules shows Applied in ComplianceRemediations object\n(BZ#1907414)\n\n* The profile parser pod deployment and associated profiles should get\nremoved after upgrade the compliance operator (BZ#1908991)\n\n* Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error\n\"something else exists at that path\" (BZ#1909081)\n\n* [OCP v46] Always update the default profilebundles on Compliance operator\nstartup (BZ#1909122)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1899479 - Aggregator pod tries to parse ConfigMaps without results\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902251 - The compliancesuite object returns error with ocp4-cis tailored profile\n1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object\n1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object\n1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator\n1909081 - Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error \"something else exists at that path\"\n1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:4035-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4035\nIssue date: 2020-09-29\nCVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506\n CVE-2019-8524 CVE-2019-8535 CVE-2019-8536\n CVE-2019-8544 CVE-2019-8551 CVE-2019-8558\n CVE-2019-8559 CVE-2019-8563 CVE-2019-8571\n CVE-2019-8583 CVE-2019-8584 CVE-2019-8586\n CVE-2019-8587 CVE-2019-8594 CVE-2019-8595\n CVE-2019-8596 CVE-2019-8597 CVE-2019-8601\n CVE-2019-8607 CVE-2019-8608 CVE-2019-8609\n CVE-2019-8610 CVE-2019-8611 CVE-2019-8615\n CVE-2019-8619 CVE-2019-8622 CVE-2019-8623\n CVE-2019-8625 CVE-2019-8644 CVE-2019-8649\n CVE-2019-8658 CVE-2019-8666 CVE-2019-8669\n CVE-2019-8671 CVE-2019-8672 CVE-2019-8673\n CVE-2019-8674 CVE-2019-8676 CVE-2019-8677\n CVE-2019-8678 CVE-2019-8679 CVE-2019-8680\n CVE-2019-8681 CVE-2019-8683 CVE-2019-8684\n CVE-2019-8686 CVE-2019-8687 CVE-2019-8688\n CVE-2019-8689 CVE-2019-8690 CVE-2019-8707\n CVE-2019-8710 CVE-2019-8719 CVE-2019-8720\n CVE-2019-8726 CVE-2019-8733 CVE-2019-8735\n CVE-2019-8743 CVE-2019-8763 CVE-2019-8764\n CVE-2019-8765 CVE-2019-8766 CVE-2019-8768\n CVE-2019-8769 CVE-2019-8771 CVE-2019-8782\n CVE-2019-8783 CVE-2019-8808 CVE-2019-8811\n CVE-2019-8812 CVE-2019-8813 CVE-2019-8814\n CVE-2019-8815 CVE-2019-8816 CVE-2019-8819\n CVE-2019-8820 CVE-2019-8821 CVE-2019-8822\n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844\n CVE-2019-8846 CVE-2019-11070 CVE-2020-3862\n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867\n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894\n CVE-2020-3895 CVE-2020-3897 CVE-2020-3899\n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902\n CVE-2020-10018 CVE-2020-11793\n====================================================================\n1. Summary:\n\nAn update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nWebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+\nplatform. These packages provide WebKitGTK+ for GTK+ 3. \n\nThe following packages have been upgraded to a later upstream version:\nwebkitgtk4 (2.28.2). (BZ#1817144)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251,\nCVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,\nCVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571,\nCVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594,\nCVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,\nCVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615,\nCVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644,\nCVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671,\nCVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677,\nCVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,\nCVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689,\nCVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720,\nCVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763,\nCVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769,\nCVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,\nCVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,\nCVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823,\nCVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862,\nCVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885,\nCVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900,\nCVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-2.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-2.el7.i686.rpm\nwebkitgtk4-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-2.el7.noarch.rpm\n\nx86_64:\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-2.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-2.el7.i686.rpm\nwebkitgtk4-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-2.el7.noarch.rpm\n\nx86_64:\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-2.el7.src.rpm\n\nppc64:\nwebkitgtk4-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-2.28.2-2.el7.ppc64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm\n\nppc64le:\nwebkitgtk4-2.28.2-2.el7.ppc64le.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm\nwebkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm\n\ns390x:\nwebkitgtk4-2.28.2-2.el7.s390.rpm\nwebkitgtk4-2.28.2-2.el7.s390x.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.s390.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.s390x.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-2.el7.i686.rpm\nwebkitgtk4-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-2.el7.noarch.rpm\n\nppc64:\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-devel-2.28.2-2.el7.ppc64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm\n\ns390x:\nwebkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm\nwebkitgtk4-devel-2.28.2-2.el7.s390.rpm\nwebkitgtk4-devel-2.28.2-2.el7.s390x.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-2.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-2.el7.i686.rpm\nwebkitgtk4-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-2.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-6237\nhttps://access.redhat.com/security/cve/CVE-2019-6251\nhttps://access.redhat.com/security/cve/CVE-2019-8506\nhttps://access.redhat.com/security/cve/CVE-2019-8524\nhttps://access.redhat.com/security/cve/CVE-2019-8535\nhttps://access.redhat.com/security/cve/CVE-2019-8536\nhttps://access.redhat.com/security/cve/CVE-2019-8544\nhttps://access.redhat.com/security/cve/CVE-2019-8551\nhttps://access.redhat.com/security/cve/CVE-2019-8558\nhttps://access.redhat.com/security/cve/CVE-2019-8559\nhttps://access.redhat.com/security/cve/CVE-2019-8563\nhttps://access.redhat.com/security/cve/CVE-2019-8571\nhttps://access.redhat.com/security/cve/CVE-2019-8583\nhttps://access.redhat.com/security/cve/CVE-2019-8584\nhttps://access.redhat.com/security/cve/CVE-2019-8586\nhttps://access.redhat.com/security/cve/CVE-2019-8587\nhttps://access.redhat.com/security/cve/CVE-2019-8594\nhttps://access.redhat.com/security/cve/CVE-2019-8595\nhttps://access.redhat.com/security/cve/CVE-2019-8596\nhttps://access.redhat.com/security/cve/CVE-2019-8597\nhttps://access.redhat.com/security/cve/CVE-2019-8601\nhttps://access.redhat.com/security/cve/CVE-2019-8607\nhttps://access.redhat.com/security/cve/CVE-2019-8608\nhttps://access.redhat.com/security/cve/CVE-2019-8609\nhttps://access.redhat.com/security/cve/CVE-2019-8610\nhttps://access.redhat.com/security/cve/CVE-2019-8611\nhttps://access.redhat.com/security/cve/CVE-2019-8615\nhttps://access.redhat.com/security/cve/CVE-2019-8619\nhttps://access.redhat.com/security/cve/CVE-2019-8622\nhttps://access.redhat.com/security/cve/CVE-2019-8623\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8644\nhttps://access.redhat.com/security/cve/CVE-2019-8649\nhttps://access.redhat.com/security/cve/CVE-2019-8658\nhttps://access.redhat.com/security/cve/CVE-2019-8666\nhttps://access.redhat.com/security/cve/CVE-2019-8669\nhttps://access.redhat.com/security/cve/CVE-2019-8671\nhttps://access.redhat.com/security/cve/CVE-2019-8672\nhttps://access.redhat.com/security/cve/CVE-2019-8673\nhttps://access.redhat.com/security/cve/CVE-2019-8674\nhttps://access.redhat.com/security/cve/CVE-2019-8676\nhttps://access.redhat.com/security/cve/CVE-2019-8677\nhttps://access.redhat.com/security/cve/CVE-2019-8678\nhttps://access.redhat.com/security/cve/CVE-2019-8679\nhttps://access.redhat.com/security/cve/CVE-2019-8680\nhttps://access.redhat.com/security/cve/CVE-2019-8681\nhttps://access.redhat.com/security/cve/CVE-2019-8683\nhttps://access.redhat.com/security/cve/CVE-2019-8684\nhttps://access.redhat.com/security/cve/CVE-2019-8686\nhttps://access.redhat.com/security/cve/CVE-2019-8687\nhttps://access.redhat.com/security/cve/CVE-2019-8688\nhttps://access.redhat.com/security/cve/CVE-2019-8689\nhttps://access.redhat.com/security/cve/CVE-2019-8690\nhttps://access.redhat.com/security/cve/CVE-2019-8707\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8719\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8726\nhttps://access.redhat.com/security/cve/CVE-2019-8733\nhttps://access.redhat.com/security/cve/CVE-2019-8735\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8763\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8765\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8768\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8821\nhttps://access.redhat.com/security/cve/CVE-2019-8822\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-11070\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z\nrNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01\nRYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM\nXVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK\nR8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1\nPWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467\neGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX\nrXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ\n1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe\nPJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr\nw5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh\nPKg+HFNkMjk=dS3G\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-1-28-4 tvOS 13.3.1\n\ntvOS 13.3.1 is now available and addresses the following:\n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3870\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-3837: Brandon Azad of Google Project Zero\n\nIPSec\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Loading a maliciously crafted racoon configuration file may\nlead to arbitrary code execution\nDescription: An off by one issue existed in the handling of racoon\nconfiguration files. \nCVE-2020-3840: @littlelailo\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-3875: Brandon Azad of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3872: Haakon Garseg M\u00f8rk of Cognite and Cim Stordal of\nCognite\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2020-3836: Brandon Azad of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-3842: Ned Williamson working with Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-3853: Brandon Azad of Google Project Zero\n\nlibxpc\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted string may lead to heap\ncorruption\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-3856: Ian Beer of Google Project Zero\n\nlibxpc\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\nwifivelocityd\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2020-3838: Dayton Pidhirney (@_watbulb)\n\nAdditional recognition\n\nIOSurface\nWe would like to acknowledge Liang Chen (@chenliang0817) for their\nassistance. \n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4whoIACgkQBz4uGe3y\n0M0O1A//SCZ3xER+6ClBQJdJzWwsjmHI/Fwb5lod5uMRYxFx8T+xc0DT1KQV+cM6\nHDjMO6vB0m9lc7ftwER09PnBnI8sZTnxfWckZV1LHX1Wss77wTI/thGZMB716rD8\nddUTcvMBwyLoI4qLg/DBXPb5ySshRXjXyoJ+DSbQ74iUssMhMrvP7j1OgdXximiq\nYmjwd9q5gICNmtIPBu/dkx/bIPwgmTGPbDKfIUOPkqD2guxEf1lXTS+XaiYT2dKt\nLOYbtz5wVw82462BkV7dW2a0CZtom9NO/ro0h0dbl/QJI6Czpdq1V7oTY+csfm9N\n2ouDc6MlxcKwBPncQUfHxXgWgodSG/syR/0gY2AX3YXwsVbGgo8DYdEKuGsB9DVZ\nbcvZPWPQl6tvsYw0JlKVzGLzIZiqQq88187lT2omY3AzRYW12+te8Aj2AGNhTyCI\nE/1YGwp9RYXNTsWD0Va4pf1a1r8+6F3m1GSkOmXEZRP4+MPu1/HmhCu7+uQXcVvF\nfahuZmJ0E4F6k0dkBbI619FuDl41dhhuEqZjkhObLcYYq3Uyrd5qx3Qbw7wj/r68\n17Ni/+nAoNf70vu7lxsVth86NWgqbzlTErymZ/jfd3/87NAEPRL8y5fmFZt91AQt\nAh4CGUBhIyRKcNoTBTgqzYUUE8jaQ3/HiAKKgwNboldqbNmQknA=\n=ZEol\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823765 - nfd-workers crash under an ipv6 environment\n1838802 - mysql8 connector from operatorhub does not work with metering operator\n1838845 - Metering operator can\u0027t connect to postgres DB from Operator Hub\n1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1868294 - NFD operator does not allow customisation of nfd-worker.conf\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1890672 - NFD is missing a build flag to build correctly\n1890741 - path to the CA trust bundle ConfigMap is broken in report operator\n1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster\n1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel\n1900125 - FIPS error while generating RSA private key for CA\n1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub\n1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub\n1913837 - The CI and ART 4.7 metering images are not mirrored\n1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le\n1916010 - olm skip range is set to the wrong range\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923998 - NFD Operator is failing to update and remains in Replacing state\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207179 - Select items matching non existing pattern does not unselect already selected\n1566027 - can\u0027t correctly compute contents size if hidden files are included\n1569868 - Browsing samba shares using gvfs is very slow\n1652178 - [RFE] perf-tool run on wayland\n1656262 - The terminal\u0027s character display is unclear on rhel8 guest after installing gnome\n1668895 - [RHEL8] Timedlogin Fails when Userlist is Disabled\n1692536 - login screen shows after gnome-initial-setup\n1706008 - Sound Effect sometimes fails to change to selected option. \n1706076 - Automatic suspend for 90 minutes is set for 80 minutes instead. \n1715845 - JS ERROR: TypeError: this._workspacesViews[i] is undefined\n1719937 - GNOME Extension: Auto-Move-Windows Not Working Properly\n1758891 - tracker-devel subpackage missing from el8 repos\n1775345 - Rebase xdg-desktop-portal to 1.6\n1778579 - Nautilus does not respect umask settings. \n1779691 - Rebase xdg-desktop-portal-gtk to 1.6\n1794045 - There are two different high contrast versions of desktop icons\n1804719 - Update vte291 to 0.52.4\n1805929 - RHEL 8.1 gnome-shell-extension errors\n1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp\n1814820 - No checkbox to install updates in the shutdown dialog\n1816070 - \"search for an application to open this file\" dialog broken\n1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution\n1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution\n1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution\n1817143 - Rebase WebKitGTK to 2.28\n1820759 - Include IO stall fixes\n1820760 - Include IO fixes\n1824362 - [BZ] Setting in gnome-tweak-tool Window List will reset upon opening\n1827030 - gnome-settings-daemon: subscription notification on CentOS Stream\n1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content\n1832347 - [Rebase] Rebase pipewire to 0.3.x\n1833158 - gdm-related dconf folders and keyfiles are not found in fresh 8.2 install\n1837381 - Backport screen cast improvements to 8.3\n1837406 - Rebase gnome-remote-desktop to PipeWire 0.3 version\n1837413 - Backport changes needed by xdg-desktop-portal-gtk-1.6\n1837648 - Vendor.conf should point to https://access.redhat.com/site/solutions/537113\n1840080 - Can not control top bar menus via keys in Wayland\n1840788 - [flatpak][rhel8] unable to build potrace as dependency\n1843486 - Software crash after clicking Updates tab\n1844578 - anaconda very rarely crashes at startup with a pygobject traceback\n1846191 - usb adapters hotplug crashes gnome-shell\n1847051 - JS ERROR: TypeError: area is null\n1847061 - File search doesn\u0027t work under certain locales\n1847062 - gnome-remote-desktop crash on QXL graphics\n1847203 - gnome-shell: get_top_visible_window_actor(): gnome-shell killed by SIGSEGV\n1853477 - CVE-2020-15503 LibRaw: lack of thumbnail size range check can lead to buffer overflow\n1854734 - PipeWire 0.2 should be required by xdg-desktop-portal\n1866332 - Remove obsolete libusb-devel dependency\n1868260 - [Hyper-V][RHEL8] VM starts GUI failed on Hyper-V 2019/2016, hangs at \"Started GNOME Display Manager\" - GDM regression issue. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.26.4-1~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages. Description:\n\nService Telemetry Framework (STF) provides automated collection of\nmeasurements and data from remote clients, such as Red Hat OpenStack\nPlatform or third-party nodes. \nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3868"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"db": "VULHUB",
"id": "VHN-181993"
},
{
"db": "VULMON",
"id": "CVE-2020-3868"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "156130"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "156398"
},
{
"db": "PACKETSTORM",
"id": "168011"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3868",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU95678717",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002340",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1451",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1549",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0567",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0538",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1025",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3893",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0691",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0099",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3399",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4513",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0864",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0584",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0234",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156153",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156392",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156400",
"trust": 0.6
},
{
"db": "TALOS",
"id": "TALOS-2019-0967",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-15279",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-181993",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3868",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161016",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159375",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161536",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159816",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156398",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168011",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181993"
},
{
"db": "VULMON",
"id": "CVE-2020-3868"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "156130"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "156398"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1451"
},
{
"db": "NVD",
"id": "CVE-2020-3868"
}
]
},
"id": "VAR-202002-1480",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181993"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T20:07:14.232000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT210920",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210920"
},
{
"title": "HT210947",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210947"
},
{
"title": "HT210948",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210948"
},
{
"title": "HT210948",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT210948"
},
{
"title": "HT210920",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT210920"
},
{
"title": "HT210947",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT210947"
},
{
"title": "openSUSE-SU-2020:0278-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html"
},
{
"title": "Multiple Apple product WebKit Fix for component buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111065"
},
{
"title": "Ubuntu Security Notice: webkit2gtk vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4281-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-3868 log"
},
{
"title": "Debian Security Advisories: DSA-4627-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=78d59627ce9fc1018e3643bc1e16ec00"
},
{
"title": "Arch Linux Advisories: [ASA-202002-10] webkit2gtk: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202002-10"
},
{
"title": "Red Hat: Moderate: GNOME security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204451 - Security Advisory"
},
{
"title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225924 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210190 - Security Advisory"
},
{
"title": "Red Hat: Moderate: webkitgtk4 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204035 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210436 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210050 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205605 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1563",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1563"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/apple-patches-ios-device-tracking/152364/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3868"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1451"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181993"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"db": "NVD",
"id": "CVE-2020-3868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202003-22"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210920"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210947"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210948"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3868"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3868"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95678717/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210920"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210947"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1025"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1549/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0538/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156392/webkitgtk-wpe-webkit-dos-logic-issue-code-execution.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156400/ubuntu-security-notice-usn-4281-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156153/apple-security-advisory-2020-1-29-1.html"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0967"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-five-vulnerabilities-31619"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0567/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0677/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0355/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4513/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0099/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0234/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0584"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3399/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3893/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4281-1/"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2020-1563.html"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8707"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8551"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8765"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8669"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8551"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8680"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8683"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8649"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3857"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhea-2020:5633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15157"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/solutions/537113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181993"
},
{
"db": "VULMON",
"id": "CVE-2020-3868"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "156130"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "156398"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1451"
},
{
"db": "NVD",
"id": "CVE-2020-3868"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181993"
},
{
"db": "VULMON",
"id": "CVE-2020-3868"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "159375"
},
{
"db": "PACKETSTORM",
"id": "156130"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "159816"
},
{
"db": "PACKETSTORM",
"id": "156398"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1451"
},
{
"db": "NVD",
"id": "CVE-2020-3868"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-181993"
},
{
"date": "2020-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3868"
},
{
"date": "2020-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"date": "2021-01-11T16:29:48",
"db": "PACKETSTORM",
"id": "160889"
},
{
"date": "2021-01-19T14:45:45",
"db": "PACKETSTORM",
"id": "161016"
},
{
"date": "2020-09-30T15:47:21",
"db": "PACKETSTORM",
"id": "159375"
},
{
"date": "2020-01-29T17:17:28",
"db": "PACKETSTORM",
"id": "156130"
},
{
"date": "2021-02-25T15:26:54",
"db": "PACKETSTORM",
"id": "161536"
},
{
"date": "2020-11-04T15:24:00",
"db": "PACKETSTORM",
"id": "159816"
},
{
"date": "2020-02-18T15:04:51",
"db": "PACKETSTORM",
"id": "156398"
},
{
"date": "2022-08-09T14:36:05",
"db": "PACKETSTORM",
"id": "168011"
},
{
"date": "2020-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1451"
},
{
"date": "2020-02-27T21:15:18.210000",
"db": "NVD",
"id": "CVE-2020-3868"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-181993"
},
{
"date": "2021-12-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3868"
},
{
"date": "2020-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002340"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1451"
},
{
"date": "2021-12-01T18:09:40.913000",
"db": "NVD",
"id": "CVE-2020-3868"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1451"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows for Apple iCloud and tvOS Memory Corruption Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002340"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1451"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.