Details of VAR-202006-1613

ID

VAR-202006-1613

CVE

CVE-2020-9817

TITLE

macOS Catalina Permission vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006291

DESCRIPTION

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. PackageKit is one of the open source application software suites, which is mainly used for the installation and upgrade of Linux software. A security vulnerability exists in the PackageKit component of Apple macOS Catalina versions prior to 10.15.5. Part of this update addressed a local privilege escalation vulnerability (CVE-2020-9817). Cisco has determined that Cisco AnyConnect Secure Mobility Client releases 4.10.00093 and previous versions could be used to exploit this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address the following: Accounts Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt AirDrop Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9826: Dor Hadad of Palo Alto Networks AppleMobileFileIntegrity Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de) AppleUSBNetworking Available for: macOS Catalina 10.15.4 Impact: Inserting a USB device that sends invalid messages may cause a kernel panic Description: A logic issue was addressed with improved restrictions. CVE-2020-9804: Andy Davis of NCC Group Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative Bluetooth Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9831: Yu Wang of Didi Research America Calendar Available for: macOS Catalina 10.15.4 Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information Description: This issue was addressed with improved checks. CVE-2020-3882: Andy Grant of NCC Group CVMS Available for: macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative DiskArbitration Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to break out of its sandbox Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team Find My Available for: macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: A validation issue existed in the handling of symlinks. CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team FontParser Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero ImageIO Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab Intel Graphics Driver Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9822: ABC Research s.r.o IPSec Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9837: Thijs Alkemade of Computest Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9797: an anonymous researcher Kernel Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9811: Tielei Wang of Pangu Lab CVE-2020-9812: Derrek (@derrekr6) Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin) ksh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to execute arbitrary shell commands Description: An issue existed in the handling of environment variables. CVE-2019-14868 NSURL Available for: macOS Mojave 10.14.6 Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: An issue existed in the parsing of URLs. CVE-2020-9817: Andy Grant of NCC Group PackageKit Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to modify protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2020-9851: Linus Henze (pinauten.de) Python Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793 Sandbox Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to bypass Privacy preferences Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0) Security Available for: macOS Catalina 10.15.4 Impact: A file may be incorrectly rendered to execute JavaScript Description: A validation issue was addressed with improved input sanitization. CVE-2020-9788: Wojciech Reguła of SecuRing (https://wojciechregula.blog) SIP Available for: macOS Catalina 10.15.4 Impact: A non-privileged user may be able to modify restricted network settings Description: A logic issue was addressed with improved restrictions. CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security SQLite Available for: macOS Catalina 10.15.4 Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794 System Preferences Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative USB Audio Available for: macOS Catalina 10.15.4 Impact: A USB device may be able to cause a denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9792: Andy Davis of NCC Group Wi-Fi Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A double free issue was addressed with improved memory management. CVE-2020-9844: Ian Beer of Google Project Zero Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9830: Tielei Wang of Pangu Lab Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9834: Yu Wang of Didi Research America Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9833: Yu Wang of Didi Research America Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9832: Yu Wang of Didi Research America WindowServer Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative zsh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman Additional recognition CoreBluetooth We would like to acknowledge Maximilian von Tschitschnitz of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance. CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance. Endpoint Security We would like to acknowledge an anonymous researcher for their assistance. ImageIO We would like to acknowledge Lei Sun for their assistance. IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance. IPSec We would like to acknowledge Thijs Alkemade of Computest for their assistance. Login Window We would like to acknowledge Jon Morby and an anonymous researcher for their assistance. Sandbox We would like to acknowledge Jason L Lang of Optum for their assistance. Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt 8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7 bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal sLrLBIOxQCTskSFoExP8 =2eah -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2020-9817 // JVNDB: JVNDB-2020-006291 // VULHUB: VHN-187942 // VULMON: CVE-2020-9817 // PACKETSTORM: 157877

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 1.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.8
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.13	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.4	Trust: 0.8

sources: JVNDB: JVNDB-2020-006291 // NVD: CVE-2020-9817

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9817
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006291
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-1279
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187942
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-9817
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9817
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-006291
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187942
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9817
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006291
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187942 // VULMON: CVE-2020-9817 // JVNDB: JVNDB-2020-006291 // CNNVD: CNNVD-202005-1279 // NVD: CVE-2020-9817

PROBLEMTYPE DATA

problemtype:

CWE-276

Trust: 1.9

sources: VULHUB: VHN-187942 // JVNDB: JVNDB-2020-006291 // NVD: CVE-2020-9817

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1279

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1279

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006291

PATCH

title:	HT211170	url:	https://support.apple.com/en-us/HT211170	Trust: 1.6
title:	Apple macOS Catalina PackageKit Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119871	Trust: 0.6
title:	Cisco: MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-anyconnect-mac-priv-esc-VqST2nrT	Trust: 0.1
title:	Apple: macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=18d2b84c501f56d4d090c6cfd170dcdf	Trust: 0.1
title:	sec-daily-2020	url:	https://github.com/alphaSeclab/sec-daily-2020	Trust: 0.1

sources: VULMON: CVE-2020-9817 // JVNDB: JVNDB-2020-006291 // CNNVD: CNNVD-202005-1279

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9817	Trust: 2.7
db:	JVN	id:	JVNVU98042162	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006291	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-1279	Trust: 0.7
db:	PACKETSTORM	id:	157877	Trust: 0.7
db:	NSFOCUS	id:	48550	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1859	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1550	Trust: 0.6
db:	CNVD	id:	CNVD-2020-34631	Trust: 0.1
db:	VULHUB	id:	VHN-187942	Trust: 0.1
db:	VULMON	id:	CVE-2020-9817	Trust: 0.1

sources: VULHUB: VHN-187942 // VULMON: CVE-2020-9817 // JVNDB: JVNDB-2020-006291 // PACKETSTORM: 157877 // CNNVD: CNNVD-202005-1279 // NVD: CVE-2020-9817

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-mac-priv-esc-vqst2nrt	Trust: 1.7
url:	https://support.apple.com/ht211170	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9817	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9817	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98042162/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.1550	Trust: 0.6
url:	https://support.apple.com/en-us/ht211170	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1859/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48550	Trust: 0.6
url:	https://support.apple.com/kb/ht211170	Trust: 0.6
url:	https://packetstormsecurity.com/files/157877/apple-security-advisory-2020-05-26-3.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9809	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9795	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9804	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9814	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14868	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9792	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3882	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9824	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9791	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9808	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9788	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9825	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9821	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9816	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9789	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20044	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3878	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9815	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9793	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9794	Trust: 0.1
url:	https://wojciechregula.blog)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9812	Trust: 0.1

sources: VULHUB: VHN-187942 // JVNDB: JVNDB-2020-006291 // PACKETSTORM: 157877 // CNNVD: CNNVD-202005-1279 // NVD: CVE-2020-9817

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 157877 // CNNVD: CNNVD-202005-1279

SOURCES

db:	VULHUB	id:	VHN-187942
db:	VULMON	id:	CVE-2020-9817
db:	JVNDB	id:	JVNDB-2020-006291
db:	PACKETSTORM	id:	157877
db:	CNNVD	id:	CNNVD-202005-1279
db:	NVD	id:	CVE-2020-9817

LAST UPDATE DATE

2024-11-23T20:51:13.310000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187942	date:	2022-06-02T00:00:00
db:	VULMON	id:	CVE-2020-9817	date:	2021-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-006291	date:	2020-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202005-1279	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9817	date:	2024-11-21T05:41:20.380

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187942	date:	2020-06-09T00:00:00
db:	VULMON	id:	CVE-2020-9817	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006291	date:	2020-07-06T00:00:00
db:	PACKETSTORM	id:	157877	date:	2020-05-29T19:04:22
db:	CNNVD	id:	CNNVD-202005-1279	date:	2020-05-26T00:00:00
db:	NVD	id:	CVE-2020-9817	date:	2020-06-09T17:15:13.253