VARIoT IoT vulnerabilities database

VAR-202009-1519 | CVE-2020-6020 | Check Point Security Management of Internal CA web management Input confirmation vulnerability |
CVSS V2: 7.4 CVSS V3: 6.4 Severity: MEDIUM |
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator. The platform can specify a unified management strategy to achieve efficient management of the cloud platform. The vulnerability is caused by weak input validation on Windows, which allows an attacker to run programs as a high-privileged user.
VAR-202009-1436 | CVE-2020-7121 | plural Aruba CX Buffer error vulnerability in switch series |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021. A buffer error vulnerability exists in multiple Aruba CX switch series. The device may be put into a denial of service (DoS) state.
VAR-202009-0281 | CVE-2020-14022 | Ozeki NG SMS Gateway Unlimited Upload Vulnerability in File Vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (e.g. the "Application Starter" module) within the application. Ozeki NG SMS Gateway is vulnerable to unrestricted upload of dangerous file types. Information may be obtained or tampered with, and the service may be put into a denial of service (DoS) state. Ozeki NG SMS Gateway is a software product that allows you to access mobile networks through your computer. The program can convert your incoming emails to SMS and send them to your mobile phone. Ozeki NG SMS Gateway is very reliable and operates 24 hours a day, 7 days a week. The main functions are: (1) sending and receiving messages in two ways (from phone to system, from system to phone); (2) support for various desktop email and Webmail applications; (3) a powerful server supports the program and stores your SMS messages for sending and receiving; (4) support for multiple devices, etc. Ozeki NG SMS Gateway versions 4.17.1 to 4.17.6 have security vulnerabilities. This vulnerability stems from the fact that the file type is not verified when uploading contact lists in batches.
VAR-202009-0599 | CVE-2020-16242 | GE Made Reason S20 Multiple cross-site scripting vulnerabilities in the series |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: Medium |
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. The Reason S20 series is an industrial managed Ethernet switch provided by General Electric. There are several vulnerabilities in the Reason S20 series: * Cross-site scripting (CWE-79) - CVE-2020-16242 * Cross-site scripting (CWE-79) - CVE-2020-16246. The expected impact depends on each vulnerability, but may be as follows. - CVE-2020-16242 * A remote third party can use cross-site scripting to execute arbitrary scripts on the user's web browser. - CVE-2020-16246
VAR-202009-0841 | CVE-2020-25599 | Xen Race Vulnerability in |
CVSS V2: 4.4 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable. Xen is vulnerable to a race condition. Information may be obtained or tampered with, and the service may be put into a denial of service (DoS) state. Xen is an open source virtual machine monitor product from the University of Cambridge in the United Kingdom. The product can make different and incompatible operating systems run on the same computer, and supports migration during runtime, ensuring normal operation and avoiding downtime. The vulnerability stems from EVTCHNOP_reset or XEN_DOMCTL_soft_reset violating various internal assumptions, resulting in out-of-range memory access or triggering error checks.
Debian Security Advisory DSA-4769-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 02, 2020 https://www.debian.org/security/faq
Package : xen
CVE ID : CVE-2020-25595 CVE-2020-25596 CVE-2020-25597
CVE-2020-25599 CVE-2020-25600 CVE-2020-25601
CVE-2020-25602 CVE-2020-25603 CVE-2020-25604
Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, guest-to-host privilege
escalation or information leaks.
For the stable distribution (buster), these problems have been fixed in
version 4.11.4+37-g3263f257ca-1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Software Description:
- xen: Public headers and libs for Xen
Details:
It was discovered that memory contents previously stored in
microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY
read operations on Intel client and Xeon E3 processors may be briefly
exposed to processes on the same or different processor cores. A local
attacker could use this to expose sensitive information. (CVE-2020-0543)
Julien Grall discovered that Xen incorrectly handled memory barriers on
ARM-based systems. An attacker could possibly use this issue to cause a
denial of service, obtain sensitive information or escalate privileges.
(CVE-2020-11739)
Ilja Van Sprundel discovered that Xen incorrectly handled profiling of
guests. An unprivileged attacker could use this issue to obtain sensitive
information from other guests, cause a denial of service or possibly gain
privileges.
(CVE-2020-11742, CVE-2020-11743)
Jan Beulich discovered that Xen incorrectly handled certain code paths.
(CVE-2020-15563)
Julien Grall discovered that Xen incorrectly verified memory addresses
provided by the guest on ARM-based systems. (CVE-2020-15564)
Roger Pau Monné discovered that Xen incorrectly handled caching on x86 Intel
systems. (CVE-2020-15565)
It was discovered that Xen incorrectly handled error in event-channel port
allocation. (CVE-2020-15566)
Jan Beulich discovered that Xen incorrectly handled certain EPT (Extended
Page Tables). (CVE-2020-15567)
Andrew Cooper discovered that Xen incorrectly handled PCI passthrough.
(CVE-2020-25595)
Andrew Cooper discovered that Xen incorrectly sanitized path injections.
(CVE-2020-25596)
Jan Beulich discovered that Xen incorrectly handled validation of event
channels. (CVE-2020-25597)
Julien Grall and Jan Beulich discovered that Xen incorrectly handled
resetting event channels. (CVE-2020-25599)
Julien Grall discovered that Xen incorrectly handled event channels
memory allocation on 32-bits domains. (CVE-2020-25600)
Jan Beulich discovered that Xen incorrectly handled resetting or cleaning
up event channels. (CVE-2020-25601)
Andrew Cooper discovered that Xen incorrectly handled certain Intel
specific MSR (Model Specific Registers). (CVE-2020-25602)
Julien Grall discovered that Xen incorrectly handled accessing/allocating
event channels. An attacker could possibly use this issue to cause a
denial of service, obtain sensitive information or escalate privileges. (CVE-2020-25604)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libxendevicemodel1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenevtchn1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxengnttab1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenmisc4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-amd64 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-arm64 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-armhf 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-utils-4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-utils-common 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xenstore-utils 4.11.3+24-g14b62ab3e5-1ubuntu2.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5617-1
CVE-2020-0543, CVE-2020-11739, CVE-2020-11740, CVE-2020-11741,
CVE-2020-11742, CVE-2020-11743, CVE-2020-15563, CVE-2020-15564,
CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595,
CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600,
CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604
Package Information:
https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3
VAR-202009-0293 | CVE-2020-14031 | Ozeki NG SMS Gateway Vulnerability in |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files). Ozeki NG SMS Gateway contains an unspecified vulnerability. Information may be obtained or tampered with, and the service may be put into a denial of service (DoS) state. The program can convert your incoming emails to SMS and send them to your mobile phone. The main functions are: (1) sending and receiving messages in two ways (from phone to system, from system to phone); (2) support for various desktop email and Webmail applications; (3) a powerful server supports the program and stores your SMS messages for sending and receiving; (4) support for multiple devices, etc.
VAR-202009-0287 | CVE-2020-14028 | Ozeki NG SMS Gateway Traversal Vulnerability in Japan |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges. Ozeki NG SMS Gateway contains a path traversal vulnerability. Information may be obtained or tampered with, and the service may be put into a denial of service (DoS) state. The program can convert your incoming emails to SMS and send them to your mobile phone. The main functions are: (1) sending and receiving messages in two ways (from phone to system, from system to phone); (2) support for various desktop email and Webmail applications; (3) a powerful server supports the program and stores your SMS messages for sending and receiving; (4) support for multiple devices, etc.
VAR-202009-0283 | CVE-2020-14024 | Ozeki NG SMS Gateway Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application. Ozeki NG SMS Gateway contains a cross-site scripting vulnerability. Information may be obtained and tampered with. The program can convert your incoming emails to SMS and send them to your mobile phone. The main functions are: (1) sending and receiving messages in two ways (from phone to system, from system to phone); (2) support for various desktop email and Webmail applications; (3) a powerful server supports the program and stores your SMS messages for sending and receiving; (4) support for multiple devices, etc. An attacker could exploit this vulnerability to execute client code.
VAR-202009-0282 | CVE-2020-14023 | Ozeki NG SMS Gateway Server-side Request Forgery Vulnerability |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. Ozeki NG SMS Gateway contains a server-side request forgery vulnerability. The service may be put into a denial of service (DoS) state. The program can convert your incoming emails to SMS and send them to your mobile phone. The main functions are: (1) sending and receiving messages in two ways (from phone to system, from system to phone); (2) support for various desktop email and Webmail applications; (3) a powerful server supports the program and stores your SMS messages for sending and receiving; (4) support for multiple devices, etc.
VAR-202009-0286 | CVE-2020-14027 | Ozeki NG SMS Gateway Argument insertion or modification vulnerability in |
CVSS V2: 3.5 CVSS V3: 5.3 Severity: MEDIUM |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks. The program can convert your incoming emails to SMS and send them to your mobile phone. The main functions are: (1) sending and receiving messages in two ways (from phone to system, from system to phone); (2) support for various desktop email and Webmail applications; (3) a powerful server supports the program and stores your SMS messages for sending and receiving; (4) support for multiple devices, etc. The vulnerability stems from the fact that the database connection string accepts custom insecure parameters, such as ENABLE_LOCAL_INFILE.
VAR-202009-0285 | CVE-2020-14026 | Ozeki NG SMS Gateway In CSV Vulnerability in neutralizing mathematical elements in files |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. Ozeki NG SMS Gateway has a vulnerability in the neutralization of formula elements in CSV files. Information may be obtained or tampered with, and the service may be put into a denial of service (DoS) state. Ozeki NG SMS Gateway is a software product that allows you to access mobile networks through your computer. The program can convert your incoming emails to SMS and send them to your mobile phone. Ozeki NG SMS Gateway is very reliable and operates 24 hours a day, 7 days a week. The main functions are: (1) sending and receiving messages in two ways (from phone to system, from system to phone); (2) support for various desktop email and Webmail applications; (3) a powerful server supports the program and stores your SMS messages for sending and receiving; (4) support for multiple devices, etc.
VAR-202009-0284 | CVE-2020-14025 | Ozeki NG SMS Gateway Cross Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password. Ozeki NG SMS Gateway contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and the service may be put into a denial of service (DoS) state. The program can convert your incoming emails to SMS and send them to your mobile phone. The main functions are: (1) sending and receiving messages in two ways (from phone to system, from system to phone); (2) support for various desktop email and Webmail applications; (3) a powerful server supports the program and stores your SMS messages for sending and receiving; (4) support for multiple devices, etc. The vulnerability stems from the web application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client.
VAR-202009-0096 | CVE-2020-12817 | Fortinet FortiAnalyzer Injection vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. Fortinet FortiAnalyzer has a security vulnerability, which stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to trigger cross-site scripting through the storage connector to run JavaScript code in the context of the website
VAR-202009-0094 | CVE-2020-12815 | FortiTester Cross-site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. FortiTester contains a cross-site scripting vulnerability. Information may be obtained and tampered with.
VAR-202010-1246 | CVE-2020-9927 | macOS Memory Corruption Vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AMDSupport driver. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers.
VAR-202010-1242 | CVE-2020-9921 | macOS Memory Corruption Vulnerability in |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphics kernel extension. The issue results from the lack of proper locking when performing operations on an object. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers.
VAR-202009-0817 | CVE-2020-25786 | D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided
VAR-202010-1511 | CVE-2020-9951 | Safari Vulnerability in using free memory in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari is a web browser from Apple, the default browser included with Mac OS X and iOS operating systems. A resource management error vulnerability exists in Apple Safari. The vulnerability originates from the aboutBlankURL() function of the WebKit component in Apple Safari. Affected products and versions are as follows: gnome-settings-daemon (Red Hat package): 3.32.0-4.el8, 3.32.0-9.el8, 3.32.0-9.el8_2.1.
Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1945703 - "Guest OS Info" availability in VMI describe is flaky
1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster
1963275 - migration controller null pointer dereference
1965099 - Live Migration double handoff to virt-handler causes connection failures
1965181 - CDI importer doesn't report AwaitingVDDK like it used to
1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod
1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs
1969756 - Windows VMs fail to start on air-gapped environments
1970372 - Virt-handler fails to verify container-disk
1973227 - segfault in virt-controller during pdb deletion
1974084 - 2.6.6 containers
1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]
1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration
1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner
1982760 - [v2v] no kind VirtualMachine is registered for version "kubevirt.io/v1" i...
1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8
APPLE-SA-2020-11-13-3 Additional information for
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211850.
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup
Entry updated November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreCapture
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020
Disk Images
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium
zLabs
Entry updated September 17, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Entry added November 12, 2020
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020
Mail
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020
Messages
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-6147: Aleksandar Nikolic of Cisco Talos
CVE-2020-9972: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
Entry added November 12, 2020
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Quick Look
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification.
CVE-2020-9977: Josh Parnham (@joshparnham)
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Wi-Fi
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
lldb
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
Entry added November 12, 2020
Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added November 12, 2020
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz
University, an anonymous researcher for their assistance.
Entry updated November 12, 2020
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020
Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
Entry added November 12, 2020
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey
@canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous
researcher for their assistance.
Entry updated November 12, 2020
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1328 - Port fix to 5.0.z for BZ-1945168
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.13 bug fix and security update
Advisory ID: RHSA-2021:2121-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2121
Issue date: 2021-06-01
CVE Names: CVE-2016-10228 CVE-2019-2708 CVE-2019-3842
CVE-2019-9169 CVE-2019-13012 CVE-2019-14866
CVE-2019-18811 CVE-2019-19523 CVE-2019-19528
CVE-2019-25013 CVE-2019-25032 CVE-2019-25034
CVE-2019-25035 CVE-2019-25036 CVE-2019-25037
CVE-2019-25038 CVE-2019-25039 CVE-2019-25040
CVE-2019-25041 CVE-2019-25042 CVE-2020-0431
CVE-2020-8231 CVE-2020-8284 CVE-2020-8285
CVE-2020-8286 CVE-2020-8927 CVE-2020-9948
CVE-2020-9951 CVE-2020-9983 CVE-2020-10543
CVE-2020-10878 CVE-2020-11608 CVE-2020-12114
CVE-2020-12362 CVE-2020-12464 CVE-2020-13434
CVE-2020-13543 CVE-2020-13584 CVE-2020-13776
CVE-2020-14314 CVE-2020-14344 CVE-2020-14345
CVE-2020-14346 CVE-2020-14347 CVE-2020-14356
CVE-2020-14360 CVE-2020-14361 CVE-2020-14362
CVE-2020-14363 CVE-2020-15358 CVE-2020-15437
CVE-2020-15586 CVE-2020-16845 CVE-2020-24330
CVE-2020-24331 CVE-2020-24332 CVE-2020-24394
CVE-2020-24977 CVE-2020-25212 CVE-2020-25284
CVE-2020-25285 CVE-2020-25643 CVE-2020-25659
CVE-2020-25704 CVE-2020-25712 CVE-2020-26116
CVE-2020-26137 CVE-2020-27618 CVE-2020-27619
CVE-2020-27783 CVE-2020-27786 CVE-2020-27835
CVE-2020-28196 CVE-2020-28935 CVE-2020-28974
CVE-2020-29361 CVE-2020-29362 CVE-2020-29363
CVE-2020-35508 CVE-2020-36242 CVE-2020-36322
CVE-2021-0342 CVE-2021-3121 CVE-2021-3177
CVE-2021-3326 CVE-2021-21642 CVE-2021-21643
CVE-2021-21644 CVE-2021-21645 CVE-2021-23336
CVE-2021-25215 CVE-2021-30465
=====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 4.7.13 is now available with
updates to packages and images that fix several bugs.
This release includes a security update for Red Hat OpenShift Container
Platform 4.7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.13. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
This update fixes the following bug among others:
* Previously, resources for the ClusterOperator were being created early in
the update process, which led to update failures when the ClusterOperator
had no status condition while Operators were updating. This bug fix changes
the timing of when these resources are created. As a result, updates can
take place without errors. (BZ#1959238)
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is
sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is
sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is
sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
3. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled"
1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go
1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list
1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits
1959238 - CVO creating cloud-controller-manager too early causing upgrade failures
1960103 - SR-IOV obliviously reboot the node
1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated
1962302 - packageserver clusteroperator does not set reason or message for Available condition
1962312 - Deployment considered unhealthy despite being available and at latest generation
1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone
1963115 - Test verify /run filesystem contents failing
5. References:
https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2019-2708
https://access.redhat.com/security/cve/CVE-2019-3842
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-13012
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-18811
https://access.redhat.com/security/cve/CVE-2019-19523
https://access.redhat.com/security/cve/CVE-2019-19528
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2019-25032
https://access.redhat.com/security/cve/CVE-2019-25034
https://access.redhat.com/security/cve/CVE-2019-25035
https://access.redhat.com/security/cve/CVE-2019-25036
https://access.redhat.com/security/cve/CVE-2019-25037
https://access.redhat.com/security/cve/CVE-2019-25038
https://access.redhat.com/security/cve/CVE-2019-25039
https://access.redhat.com/security/cve/CVE-2019-25040
https://access.redhat.com/security/cve/CVE-2019-25041
https://access.redhat.com/security/cve/CVE-2019-25042
https://access.redhat.com/security/cve/CVE-2020-0431
https://access.redhat.com/security/cve/CVE-2020-8231
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-9948
https://access.redhat.com/security/cve/CVE-2020-9951
https://access.redhat.com/security/cve/CVE-2020-9983
https://access.redhat.com/security/cve/CVE-2020-10543
https://access.redhat.com/security/cve/CVE-2020-10878
https://access.redhat.com/security/cve/CVE-2020-11608
https://access.redhat.com/security/cve/CVE-2020-12114
https://access.redhat.com/security/cve/CVE-2020-12362
https://access.redhat.com/security/cve/CVE-2020-12464
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-13543
https://access.redhat.com/security/cve/CVE-2020-13584
https://access.redhat.com/security/cve/CVE-2020-13776
https://access.redhat.com/security/cve/CVE-2020-14314
https://access.redhat.com/security/cve/CVE-2020-14344
https://access.redhat.com/security/cve/CVE-2020-14345
https://access.redhat.com/security/cve/CVE-2020-14346
https://access.redhat.com/security/cve/CVE-2020-14347
https://access.redhat.com/security/cve/CVE-2020-14356
https://access.redhat.com/security/cve/CVE-2020-14360
https://access.redhat.com/security/cve/CVE-2020-14361
https://access.redhat.com/security/cve/CVE-2020-14362
https://access.redhat.com/security/cve/CVE-2020-14363
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-15437
https://access.redhat.com/security/cve/CVE-2020-15586
https://access.redhat.com/security/cve/CVE-2020-16845
https://access.redhat.com/security/cve/CVE-2020-24330
https://access.redhat.com/security/cve/CVE-2020-24331
https://access.redhat.com/security/cve/CVE-2020-24332
https://access.redhat.com/security/cve/CVE-2020-24394
https://access.redhat.com/security/cve/CVE-2020-24977
https://access.redhat.com/security/cve/CVE-2020-25212
https://access.redhat.com/security/cve/CVE-2020-25284
https://access.redhat.com/security/cve/CVE-2020-25285
https://access.redhat.com/security/cve/CVE-2020-25643
https://access.redhat.com/security/cve/CVE-2020-25659
https://access.redhat.com/security/cve/CVE-2020-25704
https://access.redhat.com/security/cve/CVE-2020-25712
https://access.redhat.com/security/cve/CVE-2020-26116
https://access.redhat.com/security/cve/CVE-2020-26137
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-27619
https://access.redhat.com/security/cve/CVE-2020-27783
https://access.redhat.com/security/cve/CVE-2020-27786
https://access.redhat.com/security/cve/CVE-2020-27835
https://access.redhat.com/security/cve/CVE-2020-28196
https://access.redhat.com/security/cve/CVE-2020-28935
https://access.redhat.com/security/cve/CVE-2020-28974
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2020-35508
https://access.redhat.com/security/cve/CVE-2020-36242
https://access.redhat.com/security/cve/CVE-2020-36322
https://access.redhat.com/security/cve/CVE-2021-0342
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/cve/CVE-2021-3177
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-21642
https://access.redhat.com/security/cve/CVE-2021-21643
https://access.redhat.com/security/cve/CVE-2021-21644
https://access.redhat.com/security/cve/CVE-2021-21645
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/cve/CVE-2021-25215
https://access.redhat.com/security/cve/CVE-2021-30465
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202012-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: December 23, 2020
Bugs: #755947
ID: 202012-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk          < 2.30.3                  >= 2.30.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.3"
References
==========
[ 1 ] CVE-2020-13543
https://nvd.nist.gov/vuln/detail/CVE-2020-13543
[ 2 ] CVE-2020-13584
https://nvd.nist.gov/vuln/detail/CVE-2020-13584
[ 3 ] CVE-2020-9948
https://nvd.nist.gov/vuln/detail/CVE-2020-9948
[ 4 ] CVE-2020-9951
https://nvd.nist.gov/vuln/detail/CVE-2020-9951
[ 5 ] CVE-2020-9952
https://nvd.nist.gov/vuln/detail/CVE-2020-9952
[ 6 ] CVE-2020-9983
https://nvd.nist.gov/vuln/detail/CVE-2020-9983
[ 7 ] WSA-2020-0008
https://webkitgtk.org/security/WSA-2020-0008.html
[ 8 ] WSA-2020-0009
https://webkitgtk.org/security/WSA-2020-0009.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
VAR-202009-1268 | CVE-2020-8245 | Cross-site scripting vulnerabilities in multiple Citrix products |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal. Multiple Citrix products contain a cross-site scripting vulnerability. Information may be obtained and tampered with. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Many Citrix Systems products have injection vulnerabilities, which attackers can use to attack SSL VPN web portals.
VAR-202009-1269 | CVE-2020-8246 | Resource depletion vulnerability in multiple Citrix products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. Multiple Citrix products contain a resource depletion vulnerability. A denial of service (DoS) condition may result. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Many Citrix Systems products have resource management vulnerabilities, which originate from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.