Details of VAR-201912-1860

ID

VAR-201912-1860

CVE

CVE-2019-8743

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-011304

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple watchOS is a smart watch operating system. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple watchOS prior to 6.1; iOS prior to 13.1; iPadOS prior to 13.1; Windows-based iTunes prior to 12.10.1; Safari prior to 13.0.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. (CVE-2019-8689) A logic issue existed in the handling of document loads. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. (CVE-2020-3901) An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. (CVE-2020-3902). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update Advisory ID: RHSA-2020:5605-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2020:5605 Issue date: 2020-12-17 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-1551 CVE-2019-5018 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11068 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-18197 CVE-2019-18609 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7720 CVE-2020-8177 CVE-2020-8237 CVE-2020-8492 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15503 CVE-2020-15586 CVE-2020-16845 CVE-2020-25660 ===================================================================== 1. Summary: Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. These updated images include numerous security fixes, bug fixes, and enhancements. Security Fix(es): * nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720) * nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) * golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s torage/4.6/html/4.6_release_notes/index All Red Hat OpenShift Container Storage users are advised to upgrade to these updated images. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. 1865938 - CSIDrivers missing in OCS 4.6 1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found) 1868703 - [rbd] After volume expansion, the new size is not reflected on the pod 1869411 - capture full crash information from ceph 1870061 - [RHEL][IBM] OCS un-install should make the devices raw 1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret) 1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform 1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster 1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store 1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError 1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function 1875476 - Change noobaa logo in the noobaa UI 1877339 - Incorrect use of logr 1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect 1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory 1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket 1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW 1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret 1879072 - Deployment with encryption at rest is failing to bring up OSD pods 1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1880255 - Collect rbd info and subvolume info and snapshot info command output 1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS 1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1882397 - MCG decompression problem with snappy on s390x arch 1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption 1883398 - Update csi sidecar containers in rook 1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash 1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6 1883927 - Deployment with encryption at rest is failing to bring up OSD pods 1885175 - Handle disappeared underlying device for encrypted OSD 1885428 - panic seen in rook-ceph during uninstall - "close of closed channel" 1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall 1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW 1886308 - Default VolumeSnapshot Classes not created in External Mode 1886348 - osd removal job failed with status "Error" 1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB) 1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6 1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall 1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user] 1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state 1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script 1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash 1889441 - Traceback error message while running OCS 4.6 must-gather 1889683 - [GSS] Noobaa Problem when setting public access to a bucket 1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster 1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter" 1890638 - must-gather helper pod should be deleted after collecting ceph crash info 1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port 1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint 1892206 - [GSS] Ceph image/version mismatch 1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test 1893624 - Must Gather is not collecting the tar file from NooBaa diagnose 1893691 - OCS4.6 must_gather failes to complete in 600sec 1893714 - Bad response for upload an object with encryption 1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6 1896298 - [RFE] Monitoring for Namespace buckets and resources 1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs 1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC 1902627 - must-gather should wait for debug pods to be in ready state 1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6 5. References: https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-1551 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18609 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7720 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8237 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9yeRtzjgjWX9erEAQhKqg//WVp+fmCNgDoozXxpMDkvwSjyEP8wbySG 6wxQcsechzpRP9/+1f6bmq61lsOcZG6RXLEXawJT7Enhu42xsJ10UEsZbvQDqxVA KXAGqNQus9PYN9pjUwdjcWUazqjwjtJ9E7D1cReoph7rc3+OghIqC/lwv29VSy+X sM42m+FpEvdzSYtYCwuh8Nj7HdIZKT8Oo1fMFHik7TgYnJm3GXLPagHbqnLXq0Kj qww4ChW4+pFpfxgBgXWCJYZVRAK0Cb/LjjylK/dG0cdCBECoC2olqH6KLbADdyIv g1t9YqzcqcL/A3ZJd5icmt7OUhcHE+S3QOE53KCf8ew2IVT8rMgY1sZBU+TH3wVx Vz8AHfWB25yvfermFRzOY9WcVGQuDiWK19NYBxtIrE5HniAJ6rszhz5HWEOOT1Qm a6fc0CRkAz2dtkxF06TFFTBKWzXJeICtnqGlBmzbgRMf9hV3UZVJj28p/5SHzpJ7 MF2EfwEk2FtM6AWba7nXFaD61bTswBtJZAdoOVDnqkrK0Hmrw1kXUz+2DYRtEU0c 7kfeqJ91cKj/9DBhxN6n4rJob+wxkp1Ew8gShbqBdlLHmN9lO0b/bNmXexKwzlxJ +KmOX/5IcXfDY3bOjbkvSNdWlDxJl/hKyJNP1uHCZVgNP+oekELOit+xwr2oj/BJ c2GmqBqesbg= =MfHM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution: Download the release images via: quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3 4. Bugs fixed (https://bugzilla.redhat.com/): 1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display 5. JIRA issues fixed (https://issues.jboss.org/): PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-29-9 Additional information for APPLE-SA-2019-9-26-6 tvOS 13 tvOS 13 addresses the following: AppleFirmwareUpdateKext Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2019-8747: Mohamed Ghannam (@_simo36) Entry added October 29, 2019 Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Entry added October 29, 2019 CFNetwork Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland Entry added October 29, 2019 CoreAudio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Entry added October 29, 2019 CoreCrypto Available for: Apple TV 4K and Apple TV HD Impact: Processing a large input may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2019-8741: Nicky Mouha of NIST Entry added October 29, 2019 Foundation Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero Entry added October 29, 2019 IOUSBDeviceFamily Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8718: Joshua Hill and Sem Voigtländer Entry added October 29, 2019 Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2019-8740: Mohamed Ghannam (@_simo36) Entry added October 29, 2019 Kernel Available for: Apple TV 4K and Apple TV HD Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019 Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero Entry added October 29, 2019 Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8712: Mohamed Ghannam (@_simo36) Entry added October 29, 2019 Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team Entry added October 29, 2019 Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8709: derrek (@derrekr6) [confirmed]derrek (@derrekr6) Entry added October 29, 2019 Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to determine kernel memory layout Description: The issue was addressed with improved permissions logic. CVE-2019-8780: Siguza Entry added October 29, 2019 Keyboards Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved state management. CVE-2019-8750: found by OSS-Fuzz Entry added October 29, 2019 mDNSResponder Available for: Apple TV 4K and Apple TV HD Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications Description: This issue was resolved by replacing device names with a random identifier. CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Entry added October 29, 2019 UIFoundation Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8625: Sergei Glazunov of Google Project Zero CVE-2019-8719: Sergei Glazunov of Google Project Zero CVE-2019-8764: Sergei Glazunov of Google Project Zero Entry added October 29, 2019 WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative CVE-2019-8710: found by OSS-Fuzz CVE-2019-8726: Jihui Lu of Tencent KeenLab CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of ABLY Corporation CVE-2019-8733: Sergei Glazunov of Google Project Zero CVE-2019-8734: found by OSS-Fuzz CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech CVE-2019-8763: Sergei Glazunov of Google Project Zero CVE-2019-8765: Samuel Groß of Google Project Zero CVE-2019-8766: found by OSS-Fuzz CVE-2019-8773: found by OSS-Fuzz Additional recognition Audio We would like to acknowledge riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative for their assistance. Entry added October 29, 2019 boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum and Thijs Alkemade (@xnyhps) of Computest for their assistance. HomeKit We would like to acknowledge Tian Zhang for their assistance. mDNSResponder We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance. Profiles We would like to acknowledge Erik Johnson of Vernon Hills High School and James Seeley (@Code4iOS) of Shriver Job Corps for their assistance. WebKit We would like to acknowledge MinJeong Kim of Information Security Lab, Chungnam National University, JaeCheol Ryou of the Information Security Lab, Chungnam National University in South Korea, Yiğit Can YILMAZ (@yilmazcanyigit), Zhihua Yao of DBAPPSecurity Zion Lab, an anonymous researcher, and cc working with Trend Micro's Zero Day Initiative for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5YpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M0YchAA jI2eRdy8AoKd5E9xzIGpItuTINxIrpmJ7DLc5gGiCivdWfrIA1uqBdF+ACaaJKUm g1BGl1APui1r8ad4a1guUjVWsw7anVpORj/de/S80lylWR/4Fyhr2MCC1rq2twYs 2MlKiJ+KsQKM8Sf9QECrKivmQYI2Ssqwq8VwadsfZ6Mxrou7726bfjZ0+dlOSf0m ilG2hiOvc5mB8ZLvjQBXwLKdD3Li9DBQohpAM5VULymHmDUlWPPSdwkvdTxkMDYt 9pmhEq28K7oOCtCFD8SvAru/lNqJ6Q7sSTpzhnya8yh1sxKmfm0e7PQn08vX4JJ4 JCCj+ShEVl+ZKqX3IWvfITqgAZlF+vFM4S5UypkOTKSWzGob3Q5MRssbM+kK78M6 25GquKgaVfY8fxovMkskphi+z059FNVmivxSg/pnDjuiD6Z/t6A8DhxKmYCfbz9e HS9A8sSBGdP0IrIsznz0jBKdonoOzAQPcSreghac9G23JEN4vPb9Os8f+Wv8Yt1Q eWYHS8VliMnq/Zg9PqVvs4n/n8ttZ52uJcYpNLVR6NKJZMtaSoh/r3crwKyLB0UB /mOdIl55qzDUSVcyohcQlQa9moU02I8RaHw35lOVp87QtCK4IzKT8fPQnTN/c/bP 4eb6I9TA/xlMlYsXYNvIss8l6+Cs8NDdEqP3WQH7WCs= =SFPc -----END PGP SIGNATURE----- . The compliance-operator image updates are now available for OpenShift Container Platform 4.6. This advisory provides the following updates among others: * Enhances profile parsing time. * Fixes excessive resource consumption from the Operator. * Fixes default content image. * Fixes outdated remediation handling. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006 ------------------------------------------------------------------------ Date reported : November 08, 2019 Advisory ID : WSA-2019-0006 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0006.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0006.html CVE identifiers : CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-8710 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to found by OSS-Fuzz. CVE-2019-8743 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to zhunki from Codesafe Team of Legendsec at Qi'anxin Group. CVE-2019-8764 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to Sergei Glazunov of Google Project Zero. CVE-2019-8765 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Samuel Groß of Google Project Zero. CVE-2019-8766 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to found by OSS-Fuzz. CVE-2019-8782 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to Cheolung Lee of LINE+ Security Team. CVE-2019-8783 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Cheolung Lee of LINE+ Graylab Security Team. CVE-2019-8808 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to found by OSS-Fuzz. CVE-2019-8811 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Soyeon Park of SSLab at Georgia Tech. CVE-2019-8812 Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before 2.26.2. Credit to an anonymous researcher. CVE-2019-8813 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to an anonymous researcher. CVE-2019-8814 Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before 2.26.2. Credit to Cheolung Lee of LINE+ Security Team. CVE-2019-8815 Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to Apple. CVE-2019-8816 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Soyeon Park of SSLab at Georgia Tech. CVE-2019-8819 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Cheolung Lee of LINE+ Security Team. CVE-2019-8820 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Samuel Groß of Google Project Zero. CVE-2019-8821 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero. CVE-2019-8822 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero. CVE-2019-8823 Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before 2.26.1. Credit to Sergei Glazunov of Google Project Zero. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK and WPE WebKit team, November 08, 2019

Trust: 2.34

sources: NVD: CVE-2019-8743 // JVNDB: JVNDB-2019-011304 // VULHUB: VHN-160178 // VULMON: CVE-2019-8743 // PACKETSTORM: 160624 // PACKETSTORM: 160889 // PACKETSTORM: 155061 // PACKETSTORM: 161429 // PACKETSTORM: 161742 // PACKETSTORM: 155216

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	6.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 11.0 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.15 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	ipados	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.10.2 for windows earlier	Trust: 0.8
vendor:	apple	model:	macos catalina	scope:	lt	version:	10.15.1 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	10.13.6 (security update 2019-006 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	eq	version:	10.14.6 (security update 2019-001 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	13.0.3 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	6.1 earlier	Trust: 0.8
vendor:	apple	model:	xcode	scope:	lt	version:	11.2 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-011304 // NVD: CVE-2019-8743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8743
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201910-1760
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160178
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-8743
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8743
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-160178
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8743
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160178 // VULMON: CVE-2019-8743 // CNNVD: CNNVD-201910-1760 // NVD: CVE-2019-8743

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-160178 // NVD: CVE-2019-8743

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 160624 // CNNVD: CNNVD-201910-1760

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1760

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011304

PATCH

title:	About the security content of iCloud for Windows 11.0	url:	https://support.apple.com/en-us/HT210727	Trust: 0.8
title:	About the security content of iCloud for Windows 7.15	url:	https://support.apple.com/en-us/HT210728	Trust: 0.8
title:	About the security content of iOS 13.2 and iPadOS 13.2	url:	https://support.apple.com/en-us/HT210721	Trust: 0.8
title:	About the security content of Xcode 11.2	url:	https://support.apple.com/en-us/HT210729	Trust: 0.8
title:	About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006	url:	https://support.apple.com/en-us/HT210722	Trust: 0.8
title:	About the security content of tvOS 13.2	url:	https://support.apple.com/en-us/HT210723	Trust: 0.8
title:	About the security content of watchOS 6.1	url:	https://support.apple.com/en-us/HT210724	Trust: 0.8
title:	About the security content of Safari 13.0.3	url:	https://support.apple.com/en-us/HT210725	Trust: 0.8
title:	About the security content of iTunes 12.10.2 for Windows	url:	https://support.apple.com/en-us/HT210726	Trust: 0.8
title:	Mac に搭載されている macOS を調べる	url:	https://support.apple.com/ja-jp/HT201260	Trust: 0.8
title:	Multiple Apple product WebKit Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105606	Trust: 0.6
title:	Red Hat: Moderate: GNOME security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204451 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210190 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210050 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: webkitgtk4 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204035 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210436 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Service Telemetry Framework 1.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225924 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205605 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220056 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1563	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1563	Trust: 0.1
title:	DRL-Guided-Fuzzing	url:	https://github.com/tangsongTJU/DRL-Guided-Fuzzing	Trust: 0.1

sources: VULMON: CVE-2019-8743 // JVNDB: JVNDB-2019-011304 // CNNVD: CNNVD-201910-1760

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8743	Trust: 3.2
db:	PACKETSTORM	id:	161429	Trust: 0.8
db:	PACKETSTORM	id:	160889	Trust: 0.8
db:	JVN	id:	JVNVU96749516	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-011304	Trust: 0.8
db:	PACKETSTORM	id:	166279	Trust: 0.7
db:	PACKETSTORM	id:	159816	Trust: 0.7
db:	PACKETSTORM	id:	161536	Trust: 0.7
db:	PACKETSTORM	id:	168011	Trust: 0.7
db:	CNNVD	id:	CNNVD-201910-1760	Trust: 0.7
db:	PACKETSTORM	id:	155216	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0099	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1025	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0691	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0234	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3399	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4456	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1549	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3893	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4233	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4513	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0584	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0864	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4013	Trust: 0.6
db:	PACKETSTORM	id:	156742	Trust: 0.6
db:	PACKETSTORM	id:	155068	Trust: 0.6
db:	PACKETSTORM	id:	161016	Trust: 0.1
db:	VULHUB	id:	VHN-160178	Trust: 0.1
db:	VULMON	id:	CVE-2019-8743	Trust: 0.1
db:	PACKETSTORM	id:	160624	Trust: 0.1
db:	PACKETSTORM	id:	155061	Trust: 0.1
db:	PACKETSTORM	id:	161742	Trust: 0.1

sources: VULHUB: VHN-160178 // VULMON: CVE-2019-8743 // JVNDB: JVNDB-2019-011304 // PACKETSTORM: 160624 // PACKETSTORM: 160889 // PACKETSTORM: 155061 // PACKETSTORM: 161429 // PACKETSTORM: 161742 // PACKETSTORM: 155216 // CNNVD: CNNVD-201910-1760 // NVD: CVE-2019-8743

REFERENCES

url:	https://security.gentoo.org/glsa/202003-22	Trust: 1.8
url:	https://support.apple.com/ht210724	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8743	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8710	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8764	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8766	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8812	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8750	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8822	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8813	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8823	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8814	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8765	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8815	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8816	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8819	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8782	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8820	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8783	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8811	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8747	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8821	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8735	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8788	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8803	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8815	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8766	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8735	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8789	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8804	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8816	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8775	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8793	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8805	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8710	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8819	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8782	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8794	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8807	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8743	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8820	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8783	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8795	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8811	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8747	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8821	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8784	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8797	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8812	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8750	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8822	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8785	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8798	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8813	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8764	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8823	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8786	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8802	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8814	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8765	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8787	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96749516/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8785	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8797	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8786	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8798	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8787	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8802	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8788	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8803	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8804	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8775	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8789	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8805	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8793	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8807	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8794	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8784	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8795	Trust: 0.8
url:	https://wpewebkit.org/security/wsa-2019-0006.html	Trust: 0.7
url:	https://webkitgtk.org/security/wsa-2019-0006.html	Trust: 0.7
url:	https://support.apple.com/en-au/ht201222	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193044-1.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht210637	Trust: 0.6
url:	https://packetstormsecurity.com/files/161536/red-hat-security-advisory-2020-5635-01.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht210636	Trust: 0.6
url:	https://packetstormsecurity.com/files/168011/red-hat-security-advisory-2022-5924-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159816/red-hat-security-advisory-2020-4451-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/155216/webkitgtk-wpe-webkit-code-execution-xss.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4013/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156742/gentoo-linux-security-advisory-202003-22.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4233/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161429/red-hat-security-advisory-2021-0436-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4513/	Trust: 0.6
url:	https://packetstormsecurity.com/files/166279/red-hat-security-advisory-2022-0056-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0234/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0584	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3399/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1025	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1549/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0864	Trust: 0.6
url:	https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-30975	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4456/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0691	Trust: 0.6
url:	https://packetstormsecurity.com/files/155068/apple-security-advisory-2019-10-29-11.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0099/	Trust: 0.6
url:	https://packetstormsecurity.com/files/160889/red-hat-security-advisory-2021-0050-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3893/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-13050	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9925	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9802	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20218	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9895	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8625	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-15165	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14382	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8812	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3899	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8819	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3867	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8720	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9893	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19221	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8808	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3902	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1751	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3900	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9805	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8820	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9807	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8769	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8710	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8813	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9850	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8811	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-16168	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9803	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9862	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9327	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3885	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-15503	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-16935	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20916	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-5018	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10018	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14422	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8835	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8764	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8844	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3865	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1730	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3864	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19906	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20387	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14391	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3862	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3901	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8823	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1752	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3895	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-8492	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-11793	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20454	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9894	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8816	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9843	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-13627	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-6405	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8771	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13050	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3897	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9806	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8814	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14889	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8743	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9915	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8815	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-13632	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10029	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8783	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20807	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-13630	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-13631	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8766	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8846	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3868	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-3894	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-8782	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11068	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-18197	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11068	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-24659	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8625	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-16300	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14466	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-10105	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-15166	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-16230	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-16845	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14467	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10103	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14469	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-16229	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14465	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14882	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-16227	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14461	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14881	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14464	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14463	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16228	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14879	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14469	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10105	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14880	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-1551	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14461	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14468	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14466	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14882	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-15586	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16227	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14464	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16452	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16230	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14468	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14467	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14462	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14880	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14881	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16300	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14462	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16229	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-16451	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-10103	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-16228	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14463	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16451	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14879	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14470	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14470	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14465	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-16452	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20454	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19906	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5018	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20807	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14889	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20387	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13627	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20916	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19221	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15165	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16935	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8720	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16168	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-28362	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/tangsongtju/drl-guided-fuzzing	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4451	Trust: 0.1
url:	https://alas.aws.amazon.com/al2/alas-2020-1563.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18609	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5605	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25660	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14019	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1885700]	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8237	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0050	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27831	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8769	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27832	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8753	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8706	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8717	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8744	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8734	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8712	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8746	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8745	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8733	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8752	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8751	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8707	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8749	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8709	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8705	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8741	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8740	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8704	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18197	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1551	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20386	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20386	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0436	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8624	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25684	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26160	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3156	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25683	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20206	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29652	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17450	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12321	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14559	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25682	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8622	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25685	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0799	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3121	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25686	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25687	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25681	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9283	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27813	Trust: 0.1
url:	https://wpewebkit.org/security/.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8808	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1

CREDITS

Apple,Red Hat,WebKitGTK+ Team,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201910-1760

SOURCES

db:	VULHUB	id:	VHN-160178
db:	VULMON	id:	CVE-2019-8743
db:	JVNDB	id:	JVNDB-2019-011304
db:	PACKETSTORM	id:	160624
db:	PACKETSTORM	id:	160889
db:	PACKETSTORM	id:	155061
db:	PACKETSTORM	id:	161429
db:	PACKETSTORM	id:	161742
db:	PACKETSTORM	id:	155216
db:	CNNVD	id:	CNNVD-201910-1760
db:	NVD	id:	CVE-2019-8743

LAST UPDATE DATE

2024-11-12T21:02:16.339000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160178	date:	2020-03-15T00:00:00
db:	VULMON	id:	CVE-2019-8743	date:	2021-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011304	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201910-1760	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2019-8743	date:	2021-11-30T21:05:05.460

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160178	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8743	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-011304	date:	2019-11-01T00:00:00
db:	PACKETSTORM	id:	160624	date:	2020-12-18T19:14:41
db:	PACKETSTORM	id:	160889	date:	2021-01-11T16:29:48
db:	PACKETSTORM	id:	155061	date:	2019-11-01T17:08:00
db:	PACKETSTORM	id:	161429	date:	2021-02-16T15:44:48
db:	PACKETSTORM	id:	161742	date:	2021-03-10T16:02:43
db:	PACKETSTORM	id:	155216	date:	2019-11-08T15:45:31
db:	CNNVD	id:	CNNVD-201910-1760	date:	2019-10-30T00:00:00
db:	NVD	id:	CVE-2019-8743	date:	2019-12-18T18:15:38.333