Details of VAR-202006-0946

ID

VAR-202006-0946

CVE

CVE-2020-15358

TITLE

Sqlite Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202006-1768

DESCRIPTION

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. SQLite is an open source embedded relational database management system based on C language developed by American D.Richard Hipp software developer. The system has the characteristics of independence, isolation and cross-platform. multiSelectOrderBy in versions prior to SQLite 3.32.3 has a buffer error vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/ Security: * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * nodejs-netmask: improper input validation of octal input data (CVE-2021-28918) * redis: Integer overflow via STRALGO LCS command (CVE-2021-29477) * redis: Integer overflow via COPY command for large intsets (CVE-2021-29478) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377) * oras: zip-slip vulnerability via oras-pull (CVE-2021-21272) * redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * nodejs-lodash: command injection via template (CVE-2021-23337) * nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292) * grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358) * nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092) * nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418) * ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) * html-parse-stringify: Regular Expression DoS (CVE-2021-23346) * openssl: incorrect SSLv2 rollback protection (CVE-2021-23839) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Bugs: * RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444) * cluster became offline after apiserver health check (BZ# 1942589) 3. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters 5. CVE-2020-9976: Rias A. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance. Entry added November 12, 2020 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 14.0 and iPadOS 14.0". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Advanced Cluster Management 2.2.4 security and bug fix update Advisory ID: RHSA-2021:2461-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2021:2461 Issue date: 2021-06-16 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-14866 CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8648 CVE-2020-8927 CVE-2020-10543 CVE-2020-10878 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-13434 CVE-2020-13776 CVE-2020-15358 CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 CVE-2020-24977 CVE-2020-25648 CVE-2020-25692 CVE-2020-26116 CVE-2020-26137 CVE-2020-27170 CVE-2020-27618 CVE-2020-27619 CVE-2020-28196 CVE-2020-28362 CVE-2020-28935 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3114 CVE-2021-3177 CVE-2021-3326 CVE-2021-3347 CVE-2021-3501 CVE-2021-3543 CVE-2021-21309 CVE-2021-21639 CVE-2021-21640 CVE-2021-23336 CVE-2021-25215 CVE-2021-27219 CVE-2021-28092 CVE-2021-28163 CVE-2021-28165 CVE-2021-28918 ===================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2019-25032 https://access.redhat.com/security/cve/CVE-2019-25034 https://access.redhat.com/security/cve/CVE-2019-25035 https://access.redhat.com/security/cve/CVE-2019-25036 https://access.redhat.com/security/cve/CVE-2019-25037 https://access.redhat.com/security/cve/CVE-2019-25038 https://access.redhat.com/security/cve/CVE-2019-25039 https://access.redhat.com/security/cve/CVE-2019-25040 https://access.redhat.com/security/cve/CVE-2019-25041 https://access.redhat.com/security/cve/CVE-2019-25042 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12363 https://access.redhat.com/security/cve/CVE-2020-12364 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24330 https://access.redhat.com/security/cve/CVE-2020-24331 https://access.redhat.com/security/cve/CVE-2020-24332 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25648 https://access.redhat.com/security/cve/CVE-2020-25692 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27170 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-28935 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-3501 https://access.redhat.com/security/cve/CVE-2021-3543 https://access.redhat.com/security/cve/CVE-2021-21309 https://access.redhat.com/security/cve/CVE-2021-21639 https://access.redhat.com/security/cve/CVE-2021-21640 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/cve/CVE-2021-28092 https://access.redhat.com/security/cve/CVE-2021-28163 https://access.redhat.com/security/cve/CVE-2021-28165 https://access.redhat.com/security/cve/CVE-2021-28918 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. Description: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Bug Fix(es): * WMCO patch pub-key-hash annotation to Linux node (BZ#1945248) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917) * Telemetry info not completely available to identify windows nodes (BZ#1955319) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 macOS Big Sur 11.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211931. AMD Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27914: Yu Wang of Didi Research America CVE-2020-27915: Yu Wang of Didi Research America Entry added December 14, 2020 App Store Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Bluetooth Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: Multiple integer overflows were addressed with improved input validation. CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab CoreCapture Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas CoreGraphics Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro Crash Reporter Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27922: Mickey Jin of Trend Micro Entry added December 14, 2020 CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9999: Apple Entry updated December 14, 2020 Disk Images Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Finder Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Users may be unable to remove metadata indicating where files were downloaded from Description: The issue was addressed with additional user controls. CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com) FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27931: Apple Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27930: Google Project Zero FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab Foundation Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins HomeKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to unexpectedly alter application state Description: This issue was addressed with improved setting propagation. CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27924: Lei Sun Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab CVE-2020-27923: Lei Sun Entry updated December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington Entry added December 14, 2020 Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Entry added December 14, 2020 Image Processing Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2020-9967: Alex Plaskett (@alexjplaskett) Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9975: Tielei Wang of Pangu Lab Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2020-27921: Linus Henze (pinauten.de) Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory initialization issue was addressed. CVE-2020-27950: Google Project Zero Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03) Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling. CVE-2020-27932: Google Project Zero libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27917: found by OSS-Fuzz CVE-2020-27920: found by OSS-Fuzz Entry updated December 14, 2020 libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Entry added December 14, 2020 libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to break out of its sandbox Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Logging Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03) Mail Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Messages Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9988: William Breuer of the Netherlands CVE-2020-9989: von Brunn Media Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-10011: Aleksandar Nikolic of Cisco Talos Entry added December 14, 2020 Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos NetworkExtension Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved restrictions. CVE-2020-27901: Thijs Alkemade of Computest Research Division Entry added December 14, 2020 NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to preview files it does not have access to Description: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. CVE-2020-27900: Thijs Alkemade of Computest Research Division PCRE Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.44. CVE-2019-20838 CVE-2020-14155 Power Management Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative python Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Cookies belonging to one origin may be sent to another origin Description: Multiple issues were addressed with improved logic. CVE-2020-27896: an anonymous researcher Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious app may be able to determine the existence of files on the computer Description: The issue was addressed with improved handling of icon caches. CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted document may lead to a cross site scripting attack Description: An access issue was addressed with improved access restrictions. CVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/) Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to modify the file system Description: A path handling issue was addressed with improved validation. CVE-2020-27896: an anonymous researcher Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system Description: This issue was addressed with improved checks. CVE-2020-10663: Jeremy Evans Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine a user's open tabs in Safari Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2020-9977: Josh Parnham (@joshparnham) Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab Sandbox Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-9991 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Symptom Framework Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-27899: 08Tc3wBB working with ZecOps Entry added December 14, 2020 System Preferences Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2020-10009: Thijs Alkemade of Computest Research Division TCC Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application with root privileges may be able to access private information Description: A logic issue was addressed with improved restrictions. CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added December 14, 2020 WebKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27918: Liu Long of Ant Security Light-Year Lab Entry updated December 14, 2020 Wi-Fi Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker may be able to bypass Managed Frame Protection Description: A denial of service issue was addressed with improved state handling. CVE-2020-27898: Stephan Marais of University of Johannesburg Xsan Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing Additional recognition 802.1X We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance. Entry added December 14, 2020 Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab, an anonymous researcher for their assistance. Bluetooth We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance. Entry updated December 14, 2020 Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Crash Reporter We would like to acknowledge Artur Byszko of AFINE for their assistance. Entry added December 14, 2020 Directory Utility We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. libxml2 We would like to acknowledge an anonymous researcher for their assistance. Entry added December 14, 2020 Login Window We would like to acknowledge Rob Morton of Leidos for their assistance. Photos Storage We would like to acknowledge Paulos Yibelo of LimeHats for their assistance. Quick Look We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Reguła of SecuRing (wojciechregula.blog) for their assistance. Safari We would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance. Security We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance. System Preferences We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6 jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+ 9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B 1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8= =T5Y8 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: SQLite: Multiple vulnerabilities Date: July 27, 2020 Bugs: #716748 ID: 202007-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code. Background ========= SQLite is a C library that implements an SQL database engine. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/sqlite < 3.32.3 >= 3.32.3 Description ========== Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All SQLite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-db/sqlite-3.32.3" References ========= [ 1 ] CVE-2019-20218 https://nvd.nist.gov/vuln/detail/CVE-2019-20218 [ 2 ] CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 [ 3 ] CVE-2020-11656 https://nvd.nist.gov/vuln/detail/CVE-2020-11656 [ 4 ] CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 [ 5 ] CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 [ 6 ] CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 [ 7 ] CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 [ 8 ] CVE-2020-13632 https://nvd.nist.gov/vuln/detail/CVE-2020-13632 [ 9 ] CVE-2020-13871 https://nvd.nist.gov/vuln/detail/CVE-2020-13871 [ 10 ] CVE-2020-15358 https://nvd.nist.gov/vuln/detail/CVE-2020-15358 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-26 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. Security Fix(es): * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.8/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 5

Trust: 1.71

sources: NVD: CVE-2020-15358 // VULHUB: VHN-168328 // PACKETSTORM: 163789 // PACKETSTORM: 163747 // PACKETSTORM: 160061 // PACKETSTORM: 163188 // PACKETSTORM: 163257 // PACKETSTORM: 160545 // PACKETSTORM: 158592 // PACKETSTORM: 164192

AFFECTED PRODUCTS

vendor:	oracle	model:	hyperion infrastructure technology	scope:	eq	version:	11.1.2.4	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	12.0.2	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	8.0.22	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	oracle	model:	outside in technology	scope:	eq	version:	8.5.5	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.21	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	14.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	7.0	Trust: 1.0
vendor:	sqlite	model:	sqlite	scope:	lt	version:	3.32.3	Trust: 1.0
vendor:	siemens	model:	sinec infrastructure network services	scope:	lt	version:	1.0.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.0	Trust: 1.0
vendor:	oracle	model:	communications cloud native core policy	scope:	eq	version:	1.14.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.0.1	Trust: 1.0
vendor:	oracle	model:	outside in technology	scope:	eq	version:	8.5.4	Trust: 1.0
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	8.1	Trust: 1.0

sources: NVD: CVE-2020-15358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15358
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202006-1768
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-168328
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-15358
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-168328
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-15358
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-168328 // CNNVD: CNNVD-202006-1768 // NVD: CVE-2020-15358

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-168328 // NVD: CVE-2020-15358

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1768

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1768

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-168328

PATCH

title:

SQLite Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=123602

Trust: 0.6

sources: CNNVD: CNNVD-202006-1768

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15358	Trust: 2.5
db:	SIEMENS	id:	SSA-389290	Trust: 1.7
db:	PACKETSTORM	id:	160061	Trust: 0.8
db:	PACKETSTORM	id:	160545	Trust: 0.8
db:	PACKETSTORM	id:	161245	Trust: 0.7
db:	PACKETSTORM	id:	163267	Trust: 0.7
db:	PACKETSTORM	id:	163496	Trust: 0.7
db:	PACKETSTORM	id:	163276	Trust: 0.7
db:	PACKETSTORM	id:	158623	Trust: 0.7
db:	PACKETSTORM	id:	162628	Trust: 0.7
db:	CNNVD	id:	CNNVD-202006-1768	Trust: 0.7
db:	PACKETSTORM	id:	163747	Trust: 0.7
db:	PACKETSTORM	id:	164192	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0349	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3181.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2561	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2412	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3732	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1025	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4058	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2515	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3141	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2711	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1820	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1689	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1866	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2657	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2228	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4060.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2365	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3221	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2180	Trust: 0.6
db:	CS-HELP	id:	SB2022031104	Trust: 0.6
db:	CS-HELP	id:	SB2022011038	Trust: 0.6
db:	CS-HELP	id:	SB2021072292	Trust: 0.6
db:	CS-HELP	id:	SB2021062315	Trust: 0.6
db:	CS-HELP	id:	SB2021071516	Trust: 0.6
db:	CS-HELP	id:	SB2022071831	Trust: 0.6
db:	CS-HELP	id:	SB2021052017	Trust: 0.6
db:	CS-HELP	id:	SB2021092220	Trust: 0.6
db:	CS-HELP	id:	SB2021062703	Trust: 0.6
db:	CS-HELP	id:	SB2022060618	Trust: 0.6
db:	CS-HELP	id:	SB2021100407	Trust: 0.6
db:	NSFOCUS	id:	46984	Trust: 0.6
db:	PACKETSTORM	id:	163257	Trust: 0.2
db:	PACKETSTORM	id:	158592	Trust: 0.2
db:	PACKETSTORM	id:	163188	Trust: 0.2
db:	PACKETSTORM	id:	160062	Trust: 0.1
db:	PACKETSTORM	id:	160064	Trust: 0.1
db:	PACKETSTORM	id:	163209	Trust: 0.1
db:	VULHUB	id:	VHN-168328	Trust: 0.1
db:	PACKETSTORM	id:	163789	Trust: 0.1

sources: VULHUB: VHN-168328 // PACKETSTORM: 163789 // PACKETSTORM: 163747 // PACKETSTORM: 160061 // PACKETSTORM: 163188 // PACKETSTORM: 163257 // PACKETSTORM: 160545 // PACKETSTORM: 158592 // PACKETSTORM: 164192 // CNNVD: CNNVD-202006-1768 // NVD: CVE-2020-15358

REFERENCES

url:	https://security.gentoo.org/glsa/202007-26	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200709-0001/	Trust: 1.7
url:	https://support.apple.com/kb/ht211843	Trust: 1.7
url:	https://support.apple.com/kb/ht211844	Trust: 1.7
url:	https://support.apple.com/kb/ht211847	Trust: 1.7
url:	https://support.apple.com/kb/ht211850	Trust: 1.7
url:	https://support.apple.com/kb/ht211931	Trust: 1.7
url:	https://support.apple.com/kb/ht212147	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/nov/20	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/nov/19	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/nov/22	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/dec/32	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2021/feb/14	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	https://www.sqlite.org/src/info/10fa79d00f8091e5	Trust: 1.7
url:	https://www.sqlite.org/src/tktview?name=8f157e8010	Trust: 1.7
url:	https://usn.ubuntu.com/4438-1/	Trust: 1.7
url:	https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15358	Trust: 1.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13434	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-visions-202111-0000001172249896	Trust: 0.6
url:	https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/46984	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052017	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1689	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2657	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0349/	Trust: 0.6
url:	https://packetstormsecurity.com/files/163747/red-hat-security-advisory-2021-3016-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-15358/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2180	Trust: 0.6
url:	https://packetstormsecurity.com/files/158623/ubuntu-security-notice-usn-4438-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072292	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2228	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060618	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2561/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520474	Trust: 0.6
url:	https://packetstormsecurity.com/files/160545/apple-security-advisory-2020-12-14-4.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071516	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4058	Trust: 0.6
url:	https://packetstormsecurity.com/files/162628/red-hat-security-advisory-2021-1581-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1866	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2515	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1820	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2711	Trust: 0.6
url:	https://source.android.com/security/bulletin/2021-10-01	Trust: 0.6
url:	https://support.apple.com/en-us/ht211844	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100407	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2365	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4060.2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071831	Trust: 0.6
url:	https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1025	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-tensorflow-in-sqlite-before-3-32-3-select-c-mishandles-query-flattener-optimization/	Trust: 0.6
url:	https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3732	Trust: 0.6
url:	https://packetstormsecurity.com/files/161245/apple-security-advisory-2021-02-01-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062703	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092220	Trust: 0.6
url:	https://support.apple.com/en-us/ht212147	Trust: 0.6
url:	https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3221	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011038	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2412	Trust: 0.6
url:	https://packetstormsecurity.com/files/160061/apple-security-advisory-2020-11-13-3.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062315	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3181.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3141	Trust: 0.6
url:	https://vigilance.fr/vulnerability/sqlite-buffer-overflow-via-query-flattener-optimization-32637	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-cve-2020-15358/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031104	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-8286	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-28196	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-15358	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14502	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-13434	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-8231	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-29362	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2017-14502	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-8285	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10228	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-9169	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25013	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-29361	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9169	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2021-3326	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-25013	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-2708	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-8927	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-29363	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2708	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-10228	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-8284	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-27618	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2021-27219	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3520	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3537	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3518	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3516	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3517	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3541	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-20271	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-20305	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27618	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3449	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28196	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3450	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29362	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29361	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13435	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13631	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13630	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25039	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12364	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25037	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25037	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-12363	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33909	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32399	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-28935	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25034	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25035	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26116	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25038	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26137	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25040	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3560	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25042	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25042	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-12362	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25038	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25032	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25041	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-25217	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25036	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25032	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-27619	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-25215	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3177	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25036	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25035	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-23336	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12362	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12363	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3114	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25039	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-25040	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-12364	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25041	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33910	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25034	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-28092	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-21309	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-28918	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14899	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13776	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-3842	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-13776	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24977	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3842	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8284	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20305	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8285	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8286	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8927	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3326	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29363	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8231	Trust: 0.2
url:	https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14347	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14346	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25712	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23240	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9951	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23239	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36242	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9948	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13012	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14363	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14345	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13584	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14360	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13584	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20201	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25659	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3119	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9983	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14344	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14345	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14344	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14361	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28211	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13012	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14346	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20454	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28469	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28500	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20934	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29418	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28852	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13050	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33034	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28851	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1730	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23337	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27358	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19906	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23369	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13050	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21321	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23368	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11668	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23364	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23343	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33502	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23841	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23383	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28851	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28852	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33033	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000858	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14889	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1730	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13627	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000858	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20934	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28469	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3016	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3377	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20454	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28500	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21272	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29477	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27292	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23346	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29478	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11668	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23839	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19906	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33623	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21322	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23382	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13627	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14889	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9961	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9964	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9951	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6147	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9947	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9963	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9944	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9954	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9941	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9958	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9965	Trust: 0.1
url:	https://support.apple.com/ht211850.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9876	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13520	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9949	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9849	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9950	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9959	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9952	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21639	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28165	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24330	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28163	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21640	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24330	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3501	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25648	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8648	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27170	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24331	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25692	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2433	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3347	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24332	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2461	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25736	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3450	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2130	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27219	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/windows_containers/window	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-25736	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24977	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10014	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14155	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10016	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10011	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10015	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10017	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27894	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27896	Trust: 0.1
url:	https://support.apple.com/ht211931.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10003	Trust: 0.1
url:	https://www.knownsec.com/)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10009	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10004	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10008	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10002	Trust: 0.1
url:	https://www.paloaltonetworks.com/)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10010	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10012	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10006	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10007	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11655	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11656	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13871	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20218	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13632	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27918	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33196	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33195	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27918	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27218	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33196	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33197	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33198	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33198	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31525	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27218	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-34558	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3556	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33197	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20271	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3421	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31525	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3703	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index	Trust: 0.1

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 163789 // PACKETSTORM: 163747 // PACKETSTORM: 163188 // PACKETSTORM: 163257 // PACKETSTORM: 164192 // CNNVD: CNNVD-202006-1768

SOURCES

db:	VULHUB	id:	VHN-168328
db:	PACKETSTORM	id:	163789
db:	PACKETSTORM	id:	163747
db:	PACKETSTORM	id:	160061
db:	PACKETSTORM	id:	163188
db:	PACKETSTORM	id:	163257
db:	PACKETSTORM	id:	160545
db:	PACKETSTORM	id:	158592
db:	PACKETSTORM	id:	164192
db:	CNNVD	id:	CNNVD-202006-1768
db:	NVD	id:	CVE-2020-15358

LAST UPDATE DATE

2025-04-18T19:46:10.907000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-168328	date:	2022-05-12T00:00:00
db:	CNNVD	id:	CNNVD-202006-1768	date:	2023-06-30T00:00:00
db:	NVD	id:	CVE-2020-15358	date:	2024-11-21T05:05:24.197

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-168328	date:	2020-06-27T00:00:00
db:	PACKETSTORM	id:	163789	date:	2021-08-11T16:15:17
db:	PACKETSTORM	id:	163747	date:	2021-08-06T14:02:37
db:	PACKETSTORM	id:	160061	date:	2020-11-13T20:32:22
db:	PACKETSTORM	id:	163188	date:	2021-06-17T17:53:22
db:	PACKETSTORM	id:	163257	date:	2021-06-23T15:44:15
db:	PACKETSTORM	id:	160545	date:	2020-12-16T18:05:29
db:	PACKETSTORM	id:	158592	date:	2020-07-27T18:32:44
db:	PACKETSTORM	id:	164192	date:	2021-09-17T16:04:56
db:	CNNVD	id:	CNNVD-202006-1768	date:	2020-06-27T00:00:00
db:	NVD	id:	CVE-2020-15358	date:	2020-06-27T12:15:11.187