ID

VAR-201912-0124


CVE

CVE-2019-8815


TITLE

Multiple Apple product WebKit Process Model Component Buffer Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201910-1755

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Summary: An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Description: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. Bug Fix(es): * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479) * The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251) * The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634) * [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414) * The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991) * Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081) * [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122) 3. Bugs fixed (https://bugzilla.redhat.com/): 1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup 5. Installation note: Safari 13.0.3 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.7.0 extras and security update Advisory ID: RHSA-2020:5635-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5635 Issue date: 2021-02-24 CVE Names: CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-8492 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14040 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15999 CVE-2020-24659 CVE-2020-24750 CVE-2020-25211 CVE-2020-25658 CVE-2021-3121 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.7.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHEA-2020:5633 All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 15, 2020 Bugs: #699156, #706374, #709612 ID: 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.26.4 >= 2.26.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact ====== A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4" References ========== [ 1 ] CVE-2019-8625 https://nvd.nist.gov/vuln/detail/CVE-2019-8625 [ 2 ] CVE-2019-8674 https://nvd.nist.gov/vuln/detail/CVE-2019-8674 [ 3 ] CVE-2019-8707 https://nvd.nist.gov/vuln/detail/CVE-2019-8707 [ 4 ] CVE-2019-8710 https://nvd.nist.gov/vuln/detail/CVE-2019-8710 [ 5 ] CVE-2019-8719 https://nvd.nist.gov/vuln/detail/CVE-2019-8719 [ 6 ] CVE-2019-8720 https://nvd.nist.gov/vuln/detail/CVE-2019-8720 [ 7 ] CVE-2019-8726 https://nvd.nist.gov/vuln/detail/CVE-2019-8726 [ 8 ] CVE-2019-8733 https://nvd.nist.gov/vuln/detail/CVE-2019-8733 [ 9 ] CVE-2019-8735 https://nvd.nist.gov/vuln/detail/CVE-2019-8735 [ 10 ] CVE-2019-8743 https://nvd.nist.gov/vuln/detail/CVE-2019-8743 [ 11 ] CVE-2019-8763 https://nvd.nist.gov/vuln/detail/CVE-2019-8763 [ 12 ] CVE-2019-8764 https://nvd.nist.gov/vuln/detail/CVE-2019-8764 [ 13 ] CVE-2019-8765 https://nvd.nist.gov/vuln/detail/CVE-2019-8765 [ 14 ] CVE-2019-8766 https://nvd.nist.gov/vuln/detail/CVE-2019-8766 [ 15 ] CVE-2019-8768 https://nvd.nist.gov/vuln/detail/CVE-2019-8768 [ 16 ] CVE-2019-8769 https://nvd.nist.gov/vuln/detail/CVE-2019-8769 [ 17 ] CVE-2019-8771 https://nvd.nist.gov/vuln/detail/CVE-2019-8771 [ 18 ] CVE-2019-8782 https://nvd.nist.gov/vuln/detail/CVE-2019-8782 [ 19 ] CVE-2019-8783 https://nvd.nist.gov/vuln/detail/CVE-2019-8783 [ 20 ] CVE-2019-8808 https://nvd.nist.gov/vuln/detail/CVE-2019-8808 [ 21 ] CVE-2019-8811 https://nvd.nist.gov/vuln/detail/CVE-2019-8811 [ 22 ] CVE-2019-8812 https://nvd.nist.gov/vuln/detail/CVE-2019-8812 [ 23 ] CVE-2019-8813 https://nvd.nist.gov/vuln/detail/CVE-2019-8813 [ 24 ] CVE-2019-8814 https://nvd.nist.gov/vuln/detail/CVE-2019-8814 [ 25 ] CVE-2019-8815 https://nvd.nist.gov/vuln/detail/CVE-2019-8815 [ 26 ] CVE-2019-8816 https://nvd.nist.gov/vuln/detail/CVE-2019-8816 [ 27 ] CVE-2019-8819 https://nvd.nist.gov/vuln/detail/CVE-2019-8819 [ 28 ] CVE-2019-8820 https://nvd.nist.gov/vuln/detail/CVE-2019-8820 [ 29 ] CVE-2019-8821 https://nvd.nist.gov/vuln/detail/CVE-2019-8821 [ 30 ] CVE-2019-8822 https://nvd.nist.gov/vuln/detail/CVE-2019-8822 [ 31 ] CVE-2019-8823 https://nvd.nist.gov/vuln/detail/CVE-2019-8823 [ 32 ] CVE-2019-8835 https://nvd.nist.gov/vuln/detail/CVE-2019-8835 [ 33 ] CVE-2019-8844 https://nvd.nist.gov/vuln/detail/CVE-2019-8844 [ 34 ] CVE-2019-8846 https://nvd.nist.gov/vuln/detail/CVE-2019-8846 [ 35 ] CVE-2020-3862 https://nvd.nist.gov/vuln/detail/CVE-2020-3862 [ 36 ] CVE-2020-3864 https://nvd.nist.gov/vuln/detail/CVE-2020-3864 [ 37 ] CVE-2020-3865 https://nvd.nist.gov/vuln/detail/CVE-2020-3865 [ 38 ] CVE-2020-3867 https://nvd.nist.gov/vuln/detail/CVE-2020-3867 [ 39 ] CVE-2020-3868 https://nvd.nist.gov/vuln/detail/CVE-2020-3868 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2 iOS 13.2 and iPadOS 13.2 are now available and address the following: Accounts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt App Store Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu) Associated Domains Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Improper URL processing may lead to data exfiltration Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli Rikama of Zero Keyboard Ltd Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8785: Ian Beer of Google Project Zero CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure AVEVideoEncoder Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8795: 08Tc3wBB working with SSD Secure Disclosure Books Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven Contacts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com) File System Events Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative Graphics Driver Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8786: an anonymous researcher Screen Time Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to record the screen without a visible screen recording indicator Description: A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. CVE-2019-8793: Ryan Jenkins of Lake Forrest Prep School Setup Assistant Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An inconsistency in Wi-Fi network configuration settings was addressed. CVE-2019-8804: Christy Philip Mathew of Zimperium, Inc WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8813: an anonymous researcher WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8782: Cheolung Lee of LINE+ Security Team CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: an anonymous researcher CVE-2019-8814: Cheolung Lee of LINE+ Security Team CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8819: Cheolung Lee of LINE+ Security Team CVE-2019-8820: Samuel Groß of Google Project Zero CVE-2019-8821: Sergei Glazunov of Google Project Zero CVE-2019-8822: Sergei Glazunov of Google Project Zero CVE-2019-8823: Sergei Glazunov of Google Project Zero WebKit Process Model Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8815: Apple Additional recognition CFNetwork We would like to acknowledge Lily Chen of Google for their assistance. Kernel We would like to acknowledge Jann Horn of Google Project Zero for their assistance. WebKit We would like to acknowledge Dlive of Tencent's Xuanwu Lab and Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.2 and iPadOS 13.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3v+g/+ Mffrv0Z/ZyoODELKoxbPFVk0AsQoZoOk5k2h84WaUyA9hJ007Ptv2ENTAU6xIOf4 F1ksBThWEeDJ/ucvJBbE5+V+F+8AkOhRLvvBvoH+u8x2vhUQK3Li5ojCgBptEHWU BnCFBHpbYXKxlyudqGfK3lLv3LChkNQpteYIB3asnY9H2uxHeofus8pOtGWuiG50 n8jdM8TriFlPamPOtHCvRT09j5OYOsZpS6eVFey6nWaWhaYQfbo0gk4cBaTjzmUW 4NvWYbxK9w/OmQN/QXdJ+H3cLqPhWBh5pmXrWlZTCYXlkD9XggsQL1/P7chkS/gp LdmG1VktxfWQQtfvwtzB2en3Xwd4xnkOcEcCdEIanQushCTagGNjNJN6a6PQy5lh FUHT8bDHBHV1bsirxGhV8lPk9byghCwcoC69ptCfPohDAVr20nVrPoxklWDlVYiC C3tbp2obFI2IV6LKPD4DUyPUo/VOv33j9+en8stZghLF7IuTJYm7V7PMuauxmXX4 wxrhDmrrA/H3GHeP/qHTlb0TcUurP3PoLU1GRn1djDccL607Gd49ezrvTIQxpU8N ZzgAdXeNgy3vjR88w6ZqUmpNWN8WItfwWQ7cRV+CiFGywcA+J23mzUWUNyYVLHUv /NnyM25nIe8IOrwFa2S/PaaMFr2fCvZeUkuG2/IYFh0= =QoQv -----END PGP SIGNATURE-----

Trust: 1.71

sources: NVD: CVE-2019-8815 // VULHUB: VHN-160250 // VULMON: CVE-2019-8815 // PACKETSTORM: 168011 // PACKETSTORM: 161016 // PACKETSTORM: 155069 // PACKETSTORM: 155059 // PACKETSTORM: 161536 // PACKETSTORM: 156742 // PACKETSTORM: 155058

AFFECTED PRODUCTS

vendor:applemodel:itunesscope:ltversion:12.10.2

Trust: 1.0

vendor:applemodel:icloudscope:lteversion:10.4

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.2

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.2

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:applemodel:safariscope:ltversion:13.0.3

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:10.0

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.15

Trust: 1.0

sources: NVD: CVE-2019-8815

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8815
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201910-1755
value: HIGH

Trust: 0.6

VULHUB: VHN-160250
value: HIGH

Trust: 0.1

VULMON: CVE-2019-8815
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-8815
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-160250
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8815
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-160250 // VULMON: CVE-2019-8815 // CNNVD: CNNVD-201910-1755 // NVD: CVE-2019-8815

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-160250 // NVD: CVE-2019-8815

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 168011 // CNNVD: CNNVD-201910-1755

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1755

PATCH

title:Multiple Apple product WebKit Process Model Fix for component buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105601

Trust: 0.6

title:Apple: Safari 13.0.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1c7739ed700aa910958d8377a5ccd9e3

Trust: 0.1

title:Apple: iTunes 12.10.2 for Windowsurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=28a771d0ba8399f6a24197f633de9755

Trust: 0.1

title:Apple: iCloud for Windows 11.0url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=045ddd3284f4a43a28c13277a454681b

Trust: 0.1

title:Apple: iOS 13.2 and iPadOS 13.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aba6b5817da532af0c2dabc251727995

Trust: 0.1

title:Apple: tvOS 13.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=625246a74a0088cbc978efe27fcdff0b

Trust: 0.1

title:Red Hat: Moderate: GNOME security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204451 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210050 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210190 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: webkitgtk4 security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204035 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210436 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205605 - Security Advisory

Trust: 0.1

title:CVE-2019-8815url:https://github.com/JamesGeee/CVE-2019-8815

Trust: 0.1

sources: VULMON: CVE-2019-8815 // CNNVD: CNNVD-201910-1755

EXTERNAL IDS

db:NVDid:CVE-2019-8815

Trust: 2.5

db:PACKETSTORMid:159816

Trust: 0.7

db:PACKETSTORMid:155069

Trust: 0.7

db:PACKETSTORMid:156742

Trust: 0.7

db:AUSCERTid:ESB-2020.1549

Trust: 0.6

db:AUSCERTid:ESB-2022.1025

Trust: 0.6

db:AUSCERTid:ESB-2019.4233

Trust: 0.6

db:AUSCERTid:ESB-2020.3893

Trust: 0.6

db:AUSCERTid:ESB-2021.0691

Trust: 0.6

db:AUSCERTid:ESB-2019.4012

Trust: 0.6

db:AUSCERTid:ESB-2021.0099

Trust: 0.6

db:AUSCERTid:ESB-2020.3399

Trust: 0.6

db:AUSCERTid:ESB-2019.4456

Trust: 0.6

db:AUSCERTid:ESB-2020.4513

Trust: 0.6

db:AUSCERTid:ESB-2021.0864

Trust: 0.6

db:AUSCERTid:ESB-2021.0584

Trust: 0.6

db:AUSCERTid:ESB-2022.0382

Trust: 0.6

db:AUSCERTid:ESB-2021.0234

Trust: 0.6

db:PACKETSTORMid:155216

Trust: 0.6

db:CNNVDid:CNNVD-201910-1755

Trust: 0.6

db:VULHUBid:VHN-160250

Trust: 0.1

db:VULMONid:CVE-2019-8815

Trust: 0.1

db:PACKETSTORMid:168011

Trust: 0.1

db:PACKETSTORMid:161016

Trust: 0.1

db:PACKETSTORMid:155059

Trust: 0.1

db:PACKETSTORMid:161536

Trust: 0.1

db:PACKETSTORMid:155058

Trust: 0.1

sources: VULHUB: VHN-160250 // VULMON: CVE-2019-8815 // PACKETSTORM: 168011 // PACKETSTORM: 161016 // PACKETSTORM: 155069 // PACKETSTORM: 155059 // PACKETSTORM: 161536 // PACKETSTORM: 156742 // PACKETSTORM: 155058 // CNNVD: CNNVD-201910-1755 // NVD: CVE-2019-8815

REFERENCES

url:https://security.gentoo.org/glsa/202003-22

Trust: 1.9

url:https://support.apple.com/ht210721

Trust: 1.8

url:https://support.apple.com/ht210723

Trust: 1.8

url:https://support.apple.com/ht210725

Trust: 1.8

url:https://support.apple.com/ht210726

Trust: 1.8

url:https://support.apple.com/ht210727

Trust: 1.8

url:https://support.apple.com/ht210728

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8815

Trust: 1.0

url:https://support.apple.com/en-au/ht201222

Trust: 0.6

url:https://wpewebkit.org/security/wsa-2019-0006.html

Trust: 0.6

url:https://webkitgtk.org/security/wsa-2019-0006.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193044-1.html

Trust: 0.6

url:https://support.apple.com/en-us/ht210725

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1025

Trust: 0.6

url:https://support.apple.com/en-us/ht210728

Trust: 0.6

url:https://packetstormsecurity.com/files/155069/apple-security-advisory-2019-10-29-3.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1549/

Trust: 0.6

url:https://packetstormsecurity.com/files/159816/red-hat-security-advisory-2020-4451-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0382

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0864

Trust: 0.6

url:https://packetstormsecurity.com/files/155216/webkitgtk-wpe-webkit-code-execution-xss.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4456/

Trust: 0.6

url:https://packetstormsecurity.com/files/156742/gentoo-linux-security-advisory-202003-22.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0691

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4012/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4233/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4513/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-30746

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0099/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0234/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0584

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3399/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3893/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8743

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8625

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8710

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8720

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8821

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8819

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8783

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8811

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8822

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8813

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8812

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8820

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8814

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8808

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8823

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8782

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8816

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-3867

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9805

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3894

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9807

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3899

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8743

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3900

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9894

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8782

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8771

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8846

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9915

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8783

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8813

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9806

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3885

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9802

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8764

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8769

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8710

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10018

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9895

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8811

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8819

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3862

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3868

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3895

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3865

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14391

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3864

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9862

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8835

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8816

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3897

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8808

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8625

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8766

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-11793

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9803

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9850

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8820

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9893

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8844

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20807

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3902

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8814

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8812

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8815

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9843

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3901

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8720

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9925

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-15503

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17450

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15165

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14382

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19221

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16168

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24659

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9327

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17450

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20387

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20387

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1752

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19221

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15165

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-6405

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16168

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13632

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10029

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13630

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13631

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8786

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8787

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8794

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8798

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8797

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8803

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8795

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8785

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/jamesgeee/cve-2019-8815

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht210725

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9952

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0190

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1551

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11068

Trust: 0.1

url:https://access.redhat.com/errata/rhea-2020:5633

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8624

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13225

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25211

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5635

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15157

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17546

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3884

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8622

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13225

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17546

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8765

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3867

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8835

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3862

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3868

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8707

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3864

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3865

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8844

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8763

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8846

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8784

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8793

Trust: 0.1

sources: VULHUB: VHN-160250 // VULMON: CVE-2019-8815 // PACKETSTORM: 168011 // PACKETSTORM: 161016 // PACKETSTORM: 155069 // PACKETSTORM: 155059 // PACKETSTORM: 161536 // PACKETSTORM: 156742 // PACKETSTORM: 155058 // CNNVD: CNNVD-201910-1755 // NVD: CVE-2019-8815

CREDITS

Apple,Red Hat,WebKitGTK+ Team,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201910-1755

SOURCES

db:VULHUBid:VHN-160250
db:VULMONid:CVE-2019-8815
db:PACKETSTORMid:168011
db:PACKETSTORMid:161016
db:PACKETSTORMid:155069
db:PACKETSTORMid:155059
db:PACKETSTORMid:161536
db:PACKETSTORMid:156742
db:PACKETSTORMid:155058
db:CNNVDid:CNNVD-201910-1755
db:NVDid:CVE-2019-8815

LAST UPDATE DATE

2026-06-30T19:50:05.044000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-160250date:2020-03-15T00:00:00
db:VULMONid:CVE-2019-8815date:2021-05-18T00:00:00
db:CNNVDid:CNNVD-201910-1755date:2022-03-11T00:00:00
db:NVDid:CVE-2019-8815date:2024-11-21T04:50:31.717

SOURCES RELEASE DATE

db:VULHUBid:VHN-160250date:2019-12-18T00:00:00
db:VULMONid:CVE-2019-8815date:2019-12-18T00:00:00
db:PACKETSTORMid:168011date:2022-08-09T14:36:05
db:PACKETSTORMid:161016date:2021-01-19T14:45:45
db:PACKETSTORMid:155069date:2019-11-01T17:11:43
db:PACKETSTORMid:155059date:2019-11-01T17:06:21
db:PACKETSTORMid:161536date:2021-02-25T15:26:54
db:PACKETSTORMid:156742date:2020-03-15T14:00:23
db:PACKETSTORMid:155058date:2019-11-01T17:05:53
db:CNNVDid:CNNVD-201910-1755date:2019-10-30T00:00:00
db:NVDid:CVE-2019-8815date:2019-12-18T18:15:44.100