Details of VAR-202005-0223

ID

VAR-202005-0223

CVE

CVE-2020-13631

TITLE

SQLite In Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005730

DESCRIPTION

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. SQLite There is an unspecified vulnerability in.Information may be tampered with. SQLite is an open source embedded relational database management system based on C language developed by American D.Richard Hipp software developer. The system has the characteristics of independence, isolation and cross-platform. An attacker could exploit this vulnerability to rename the virtual form to the name of one of the shadow forms. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update Advisory ID: RHSA-2020:5605-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2020:5605 Issue date: 2020-12-17 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-1551 CVE-2019-5018 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11068 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-18197 CVE-2019-18609 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7720 CVE-2020-8177 CVE-2020-8237 CVE-2020-8492 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15503 CVE-2020-15586 CVE-2020-16845 CVE-2020-25660 ===================================================================== 1. Summary: Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. These updated images include numerous security fixes, bug fixes, and enhancements. Security Fix(es): * nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720) * nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) * golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s torage/4.6/html/4.6_release_notes/index All Red Hat OpenShift Container Storage users are advised to upgrade to these updated images. Bugs fixed (https://bugzilla.redhat.com/): 1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. 1865938 - CSIDrivers missing in OCS 4.6 1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found) 1868703 - [rbd] After volume expansion, the new size is not reflected on the pod 1869411 - capture full crash information from ceph 1870061 - [RHEL][IBM] OCS un-install should make the devices raw 1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret) 1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform 1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster 1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store 1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError 1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function 1875476 - Change noobaa logo in the noobaa UI 1877339 - Incorrect use of logr 1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect 1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory 1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket 1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW 1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret 1879072 - Deployment with encryption at rest is failing to bring up OSD pods 1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1880255 - Collect rbd info and subvolume info and snapshot info command output 1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS 1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1882397 - MCG decompression problem with snappy on s390x arch 1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption 1883398 - Update csi sidecar containers in rook 1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash 1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6 1883927 - Deployment with encryption at rest is failing to bring up OSD pods 1885175 - Handle disappeared underlying device for encrypted OSD 1885428 - panic seen in rook-ceph during uninstall - "close of closed channel" 1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall 1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW 1886308 - Default VolumeSnapshot Classes not created in External Mode 1886348 - osd removal job failed with status "Error" 1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB) 1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6 1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall 1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user] 1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state 1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script 1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash 1889441 - Traceback error message while running OCS 4.6 must-gather 1889683 - [GSS] Noobaa Problem when setting public access to a bucket 1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster 1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter" 1890638 - must-gather helper pod should be deleted after collecting ceph crash info 1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port 1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint 1892206 - [GSS] Ceph image/version mismatch 1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test 1893624 - Must Gather is not collecting the tar file from NooBaa diagnose 1893691 - OCS4.6 must_gather failes to complete in 600sec 1893714 - Bad response for upload an object with encryption 1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6 1896298 - [RFE] Monitoring for Namespace buckets and resources 1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs 1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC 1902627 - must-gather should wait for debug pods to be in ready state 1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6 5. References: https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-1551 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18609 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7720 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8237 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. CVE-2020-9976: Rias A. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance. Entry added November 12, 2020 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 14.0 and iPadOS 14.0". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 macOS Big Sur 11.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211931. AMD Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27914: Yu Wang of Didi Research America CVE-2020-27915: Yu Wang of Didi Research America Entry added December 14, 2020 App Store Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Bluetooth Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: Multiple integer overflows were addressed with improved input validation. CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab CoreCapture Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas CoreGraphics Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro Crash Reporter Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27922: Mickey Jin of Trend Micro Entry added December 14, 2020 CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9999: Apple Entry updated December 14, 2020 Disk Images Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Finder Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Users may be unable to remove metadata indicating where files were downloaded from Description: The issue was addressed with additional user controls. CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com) FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27931: Apple Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27930: Google Project Zero FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab Foundation Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins HomeKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to unexpectedly alter application state Description: This issue was addressed with improved setting propagation. CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27924: Lei Sun Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab CVE-2020-27923: Lei Sun Entry updated December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington Entry added December 14, 2020 Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Entry added December 14, 2020 Image Processing Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2020-9967: Alex Plaskett (@alexjplaskett) Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9975: Tielei Wang of Pangu Lab Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2020-27921: Linus Henze (pinauten.de) Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory initialization issue was addressed. CVE-2020-27950: Google Project Zero Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03) Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling. CVE-2020-27932: Google Project Zero libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27917: found by OSS-Fuzz CVE-2020-27920: found by OSS-Fuzz Entry updated December 14, 2020 libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Entry added December 14, 2020 libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to break out of its sandbox Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Logging Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03) Mail Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Messages Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9988: William Breuer of the Netherlands CVE-2020-9989: von Brunn Media Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-10011: Aleksandar Nikolic of Cisco Talos Entry added December 14, 2020 Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos NetworkExtension Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved restrictions. CVE-2020-27901: Thijs Alkemade of Computest Research Division Entry added December 14, 2020 NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to preview files it does not have access to Description: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. CVE-2020-27900: Thijs Alkemade of Computest Research Division PCRE Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.44. CVE-2019-20838 CVE-2020-14155 Power Management Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative python Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Cookies belonging to one origin may be sent to another origin Description: Multiple issues were addressed with improved logic. CVE-2020-27896: an anonymous researcher Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious app may be able to determine the existence of files on the computer Description: The issue was addressed with improved handling of icon caches. CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted document may lead to a cross site scripting attack Description: An access issue was addressed with improved access restrictions. CVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/) Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to modify the file system Description: A path handling issue was addressed with improved validation. CVE-2020-27896: an anonymous researcher Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system Description: This issue was addressed with improved checks. CVE-2020-10663: Jeremy Evans Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine a user's open tabs in Safari Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2020-9977: Josh Parnham (@joshparnham) Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab Sandbox Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-9991 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Symptom Framework Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-27899: 08Tc3wBB working with ZecOps Entry added December 14, 2020 System Preferences Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2020-10009: Thijs Alkemade of Computest Research Division TCC Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application with root privileges may be able to access private information Description: A logic issue was addressed with improved restrictions. CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added December 14, 2020 WebKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27918: Liu Long of Ant Security Light-Year Lab Entry updated December 14, 2020 Wi-Fi Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker may be able to bypass Managed Frame Protection Description: A denial of service issue was addressed with improved state handling. CVE-2020-27898: Stephan Marais of University of Johannesburg Xsan Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing Additional recognition 802.1X We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance. Entry added December 14, 2020 Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab, an anonymous researcher for their assistance. Bluetooth We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance. Entry updated December 14, 2020 Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Crash Reporter We would like to acknowledge Artur Byszko of AFINE for their assistance. Entry added December 14, 2020 Directory Utility We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. libxml2 We would like to acknowledge an anonymous researcher for their assistance. Entry added December 14, 2020 Login Window We would like to acknowledge Rob Morton of Leidos for their assistance. Photos Storage We would like to acknowledge Paulos Yibelo of LimeHats for their assistance. Quick Look We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Reguła of SecuRing (wojciechregula.blog) for their assistance. Safari We would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance. Security We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance. System Preferences We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6 jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+ 9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B 1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8= =T5Y8 -----END PGP SIGNATURE----- . Bug Fix(es): * Configuring the system with non-RT kernel will hang the system (BZ#1923220) 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 5. JIRA issues fixed (https://issues.jboss.org/): CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests 6. Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0 5

Trust: 2.25

sources: NVD: CVE-2020-13631 // JVNDB: JVNDB-2020-005730 // VULHUB: VHN-166429 // PACKETSTORM: 160624 // PACKETSTORM: 160061 // PACKETSTORM: 160545 // PACKETSTORM: 161548 // PACKETSTORM: 160062 // PACKETSTORM: 160961

AFFECTED PRODUCTS

vendor:	oracle	model:	communications network charging and control	scope:	lte	version:	12.0.3	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.0	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	siemens	model:	sinec infrastructure network services	scope:	lt	version:	1.0.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.0	Trust: 1.0
vendor:	oracle	model:	outside in technology	scope:	eq	version:	8.5.5	Trust: 1.0
vendor:	brocade	model:	fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	11.5	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.10.9	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	sqlite	model:	sqlite	scope:	lt	version:	3.32.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	14.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	7.0	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.0.1	Trust: 1.0
vendor:	oracle	model:	outside in technology	scope:	eq	version:	8.5.4	Trust: 1.0
vendor:	netapp	model:	solidfire\, enterprise sds \& hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	sqlite	model:	sqlite	scope:	eq	version:	3.32.0	Trust: 0.8

sources: JVNDB: JVNDB-2020-005730 // NVD: CVE-2020-13631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-13631
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-005730
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202005-1351
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-166429
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-13631
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-005730
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-166429
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-13631
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005730
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-166429 // CNNVD: CNNVD-202005-1351 // JVNDB: JVNDB-2020-005730 // NVD: CVE-2020-13631

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-13631

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1351

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1351

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005730

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-166429

PATCH

title:	FEDORA-2020-0477f8840e	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/	Trust: 0.8
title:	Check-in [eca0ba2c]	url:	https://sqlite.org/src/info/eca0ba2cf4c0fdf7	Trust: 0.8
title:	SQLite Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=121034	Trust: 0.6

sources: CNNVD: CNNVD-202005-1351 // JVNDB: JVNDB-2020-005730

EXTERNAL IDS

db:	NVD	id:	CVE-2020-13631	Trust: 3.1
db:	SIEMENS	id:	SSA-389290	Trust: 1.7
db:	PACKETSTORM	id:	161548	Trust: 0.8
db:	PACKETSTORM	id:	160061	Trust: 0.8
db:	PACKETSTORM	id:	160545	Trust: 0.8
db:	PACKETSTORM	id:	160961	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005730	Trust: 0.8
db:	PACKETSTORM	id:	162659	Trust: 0.7
db:	PACKETSTORM	id:	159817	Trust: 0.7
db:	PACKETSTORM	id:	160125	Trust: 0.7
db:	PACKETSTORM	id:	158592	Trust: 0.7
db:	CNNVD	id:	CNNVD-202005-1351	Trust: 0.7
db:	PACKETSTORM	id:	158024	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0584	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3181.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2412	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3732	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0691	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2019	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4513	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4100	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1727	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4060.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2515	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0234	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0171	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1679	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3221	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0099	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0864	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3884	Trust: 0.6
db:	CS-HELP	id:	SB2022071831	Trust: 0.6
db:	CS-HELP	id:	SB2022031104	Trust: 0.6
db:	CS-HELP	id:	SB2021052221	Trust: 0.6
db:	CS-HELP	id:	SB2021072292	Trust: 0.6
db:	CS-HELP	id:	SB2022060618	Trust: 0.6
db:	NSFOCUS	id:	46787	Trust: 0.6
db:	LENOVO	id:	LEN-60182	Trust: 0.6
db:	PACKETSTORM	id:	160062	Trust: 0.2
db:	PACKETSTORM	id:	162694	Trust: 0.1
db:	PACKETSTORM	id:	160064	Trust: 0.1
db:	CNVD	id:	CNVD-2020-50093	Trust: 0.1
db:	VULHUB	id:	VHN-166429	Trust: 0.1
db:	PACKETSTORM	id:	160624	Trust: 0.1

sources: VULHUB: VHN-166429 // PACKETSTORM: 160624 // PACKETSTORM: 160061 // PACKETSTORM: 160545 // PACKETSTORM: 161548 // PACKETSTORM: 160062 // PACKETSTORM: 160961 // CNNVD: CNNVD-202005-1351 // JVNDB: JVNDB-2020-005730 // NVD: CVE-2020-13631

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13631	Trust: 1.9
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Trust: 1.7
url:	https://support.apple.com/kb/ht211843	Trust: 1.7
url:	https://support.apple.com/kb/ht211844	Trust: 1.7
url:	https://support.apple.com/kb/ht211850	Trust: 1.7
url:	https://support.apple.com/kb/ht211931	Trust: 1.7
url:	https://support.apple.com/kb/ht211935	Trust: 1.7
url:	https://support.apple.com/kb/ht211952	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200608-0002/	Trust: 1.7
url:	https://security.freebsd.org/advisories/freebsd-sa-20:22.sqlite.asc	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/nov/20	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/nov/19	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/nov/22	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/dec/32	Trust: 1.7
url:	https://security.gentoo.org/glsa/202007-26	Trust: 1.7
url:	https://bugs.chromium.org/p/chromium/issues/detail?id=1080459	Trust: 1.7
url:	https://sqlite.org/src/info/eca0ba2cf4c0fdf7	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.7
url:	https://usn.ubuntu.com/4394-1/	Trust: 1.7
url:	https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3cissues.guacamole.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l7kxqwhiy2mqp4lnm6odwjenmxyyqybn/	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13631	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7kxqwhiy2mqp4lnm6odwjenmxyyqybn/	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3cissues.guacamole.apache.org%3e	Trust: 0.7
url:	http://www.nsfocus.net/vulndb/46787	Trust: 0.6
url:	https://packetstormsecurity.com/files/160125/red-hat-security-advisory-2020-5149-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/160961/red-hat-security-advisory-2021-0146-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-60182	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2515	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1727	Trust: 0.6
url:	https://support.apple.com/en-us/ht211844	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4513/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0234/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2019/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0584	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3884/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4060.2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071831	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0171/	Trust: 0.6
url:	https://support.apple.com/en-us/ht211935	Trust: 0.6
url:	https://packetstormsecurity.com/files/162659/red-hat-security-advisory-2021-1968-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072292	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0864	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1679	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3732	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060618	Trust: 0.6
url:	https://packetstormsecurity.com/files/158024/ubuntu-security-notice-usn-4394-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4100/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052221	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0691	Trust: 0.6
url:	https://packetstormsecurity.com/files/160545/apple-security-advisory-2020-12-14-4.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3221	Trust: 0.6
url:	https://packetstormsecurity.com/files/158592/gentoo-linux-security-advisory-202007-26.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2412	Trust: 0.6
url:	https://packetstormsecurity.com/files/159817/red-hat-security-advisory-2020-4442-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/160061/apple-security-advisory-2020-11-13-3.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0099/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/sqlite-three-vulnerabilities-32354	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-wml-ce-sqlite-through-3-32-0-has-various-security-issues/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3181.2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161548/red-hat-security-advisory-2020-5364-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031104	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13630	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-13050	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20218	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-19221	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1751	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-16168	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-9327	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5018	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1730	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-19906	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20387	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1752	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20454	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-13627	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-6405	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13050	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-14889	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-13632	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10029	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-13630	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-13631	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13434	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13435	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15358	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-15165	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14382	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-16935	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20916	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14422	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-8492	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9961	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9951	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9947	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9944	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9954	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9943	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14899	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9965	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9876	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10013	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9949	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9849	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9950	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9952	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19906	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20387	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13627	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5018	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16168	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10029	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24659	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20454	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19221	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14889	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-16300	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14466	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10105	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9925	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15166	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9802	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-16230	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18609	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9895	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8812	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3899	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-16845	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14467	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8819	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10103	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14469	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11068	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3867	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-16229	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9893	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8808	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3902	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14465	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14882	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-16227	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3900	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14461	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14881	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9805	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14464	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8820	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9807	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8769	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8813	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9850	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14463	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14879	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9862	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14469	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10105	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14880	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1551	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3885	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14461	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10018	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5605	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25660	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14468	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8764	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14466	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8844	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3865	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14882	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3864	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16227	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14464	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16452	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16230	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14391	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14468	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14467	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14462	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3862	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14880	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14881	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3901	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16300	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8823	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14462	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16229	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3895	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11793	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9894	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8816	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-16451	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3897	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10103	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-16228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9806	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14463	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8814	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8743	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9915	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8815	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16451	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8783	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20807	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14879	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14019	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14470	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14470	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1885700]	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14465	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11068	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-16452	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8846	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3868	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3894	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8782	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8237	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9964	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6147	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9963	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9941	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9958	Trust: 0.1
url:	https://support.apple.com/ht211850.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13520	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9959	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10014	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14155	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10016	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10011	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10015	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10017	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27894	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27896	Trust: 0.1
url:	https://support.apple.com/ht211931.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10003	Trust: 0.1
url:	https://www.knownsec.com/)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10009	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10004	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10008	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10002	Trust: 0.1
url:	https://www.paloaltonetworks.com/)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10010	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10012	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10006	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10007	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25211	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10726	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17450	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10725	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10723	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10725	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20916	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10722	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10722	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17450	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10726	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15165	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16935	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5364	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5633	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9983	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9981	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9991	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9976	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9968	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9966	Trust: 0.1
url:	https://support.apple.com/ht211843.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9969	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9979	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1752	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0146	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1730	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28362	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13632	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24659	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1751	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28366	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28362	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28366	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28367	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28367	Trust: 0.1

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 160624 // PACKETSTORM: 161548 // PACKETSTORM: 160961 // CNNVD: CNNVD-202005-1351

SOURCES

db:	VULHUB	id:	VHN-166429
db:	PACKETSTORM	id:	160624
db:	PACKETSTORM	id:	160061
db:	PACKETSTORM	id:	160545
db:	PACKETSTORM	id:	161548
db:	PACKETSTORM	id:	160062
db:	PACKETSTORM	id:	160961
db:	CNNVD	id:	CNNVD-202005-1351
db:	JVNDB	id:	JVNDB-2020-005730
db:	NVD	id:	CVE-2020-13631

LAST UPDATE DATE

2025-10-20T01:33:59.069000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-166429	date:	2022-05-13T00:00:00
db:	CNNVD	id:	CNNVD-202005-1351	date:	2023-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-005730	date:	2020-06-22T00:00:00
db:	NVD	id:	CVE-2020-13631	date:	2024-11-21T05:01:38.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-166429	date:	2020-05-27T00:00:00
db:	PACKETSTORM	id:	160624	date:	2020-12-18T19:14:41
db:	PACKETSTORM	id:	160061	date:	2020-11-13T20:32:22
db:	PACKETSTORM	id:	160545	date:	2020-12-16T18:05:29
db:	PACKETSTORM	id:	161548	date:	2021-02-25T15:30:03
db:	PACKETSTORM	id:	160062	date:	2020-11-13T22:22:22
db:	PACKETSTORM	id:	160961	date:	2021-01-15T15:06:55
db:	CNNVD	id:	CNNVD-202005-1351	date:	2020-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-005730	date:	2020-06-22T00:00:00
db:	NVD	id:	CVE-2020-13631	date:	2020-05-27T15:15:12.947