VARIoT IoT vulnerabilities database

VAR-202005-0459 CVE-2020-13393 Classic buffer overflow vulnerability in multiple Tenda devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. A classic buffer overflow vulnerability exists on multiple Tenda devices. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda AC9 and others are all wireless routers from China's Tenda.
VAR-202005-0458 CVE-2020-13392 Classic buffer overflow vulnerability in multiple Tenda devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. A classic buffer overflow vulnerability exists on multiple Tenda devices. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda AC9 and others are all wireless routers from China's Tenda.
VAR-202005-0457 CVE-2020-13391 Classic buffer overflow vulnerability in multiple Tenda devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. A classic buffer overflow vulnerability exists on multiple Tenda devices. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda AC9 and others are all wireless routers from China's Tenda.
VAR-202005-0455 CVE-2020-13389 Classic buffer overflow vulnerability in multiple Tenda devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. A classic buffer overflow vulnerability exists on multiple Tenda devices. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda AC9 and others are all wireless routers from China's Tenda.
VAR-202005-0994 CVE-2020-6091 Information leakage vulnerability in Epson EB-1470Ui CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
An exploitable authentication bypass vulnerability exists in the EPSON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability. An information leakage vulnerability exists in Epson EB-1470Ui. Information may be obtained and tampered with. EPSON EB-1470Ui is a full high-definition laser short-range interactive projector from Epson Corporation of Japan.
VAR-202005-0969 CVE-2020-9045 Plaintext storage of important information vulnerability in multiple Johnson Controls products CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. Several products provided by Johnson Controls contain a vulnerability in the plaintext storage of important information (CWE-312). The credentials of the user who installed or upgraded the product are stored in clear text in a log file and are not deleted after installation, which could lead to the theft of credentials by a remote third party. The Software House C•CURE 9000 is a scalable multi-site access control and alarm monitoring system. An attacker could exploit this vulnerability to gain access to the application's credentials.
VAR-202005-0734 CVE-2017-18868 Improper default permissions vulnerability in Digi XBee 2 devices CVSS V2: 5.5
CVSS V3: 7.7
Severity: HIGH
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. An improper default permissions vulnerability exists in Digi XBee 2 devices. Information may be tampered with.
VAR-202005-0971 CVE-2020-9069 Information leakage vulnerabilities in multiple Huawei products CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 Versions earlier than 10.0.1.1(C675R1); CD16-10 Versions earlier than 10.0.2.8; CD17-10 Versions earlier than 10.0.2.8; CD17-16 Versions earlier than 10.0.2.8; CD18-10 Versions earlier than 10.0.2.8; CD18-16 Versions earlier than 10.0.2.8; Columbia-TL00B Versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 Versions earlier than 10.0.5.1(H610SP10C00); HUAWEI P30 lite Versions earlier than 10.0.0.185(C605E3R1P3), Versions earlier than 10.0.0.197(C432E8R2P7); HUAWEI nova 4e Versions earlier than 10.0.0.158(C00E64R1P9); Honor 10 Lite 9.0.1.113(C675E11R1P12); LelandP-L22A Versions earlier than 9.1.0.166(C675E5R1P4T8); Marie-AL00AX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00AY Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00BX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-L03BX Versions earlier than 10.0.0.188(C605E5R1P1); Marie-L21BX Versions earlier than 10.0.0.188(C432E4R4P1), Versions earlier than 10.0.0.188(C461E5R3P1); Marie-L22BX Versions earlier than 10.0.0.188(C636E3R3P1); Marie-L23BX Versions earlier than 10.0.0.188(C605E5R1P1); TC5200-16 Versions earlier than 10.0.2.8; WS5200-11 Versions earlier than 10.0.2.8; WS5200-12 Versions earlier than 10.0.2.23; WS5200-16 Versions earlier than 10.0.2.8; WS5200-17 Versions earlier than 10.0.2.23; WS5800-10 Versions earlier than 10.0.3.27; WS6500-10 Versions earlier than 10.0.2.8; WS6500-16 Versions earlier than 10.0.2.8. Huawei Anne-AL00 and other products are products of China's Huawei company. Huawei Anne-AL00 is a smartphone. Honor 10 Lite is a smartphone. Huawei TC5200-16 is a wireless router
VAR-202005-0877 CVE-2020-9409 Inappropriate default permissions in multiple TIBCO JasperReports Server products CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. The affected system may be put into a denial-of-service (DoS) state. TIBCO Software JasperReports Server is an embeddable report server from TIBCO Software in the United States. It provides reporting and analysis functions that can be embedded in Web or mobile devices. An attacker could use this vulnerability to obtain the superuser privileges of JasperReports Server and execute arbitrary code.
VAR-202005-0620 CVE-2020-1799 Use-after-free vulnerability in E6878-370 CVSS V2: 5.4
CVSS V3: 7.5
Severity: HIGH
E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use-after-free vulnerability. In certain scenarios the software references memory after it has been freed. An attacker can perform a series of crafted operations through the web portal; a successful exploit could cause a use-after-free condition, which may lead to malicious code execution. E6878-370 is vulnerable to the use of freed memory. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Huawei E6878-370 is a portable 5G router from China's Huawei company. There are security vulnerabilities in Huawei E6878-370 version 10.0.3.1 (H557SP27C233), 10.0.0.1 (H563SP1C00) and 10.0.0.1 (H563SP1C233). Attackers can use this vulnerability to execute malicious code via the web interface.
VAR-202005-0683 CVE-2020-3184 SQL injection vulnerabilities in Cisco Prime Collaboration Provisioning software CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. The affected system may be put into a denial-of-service (DoS) state. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments.
VAR-202005-0698 CVE-2020-3280 Untrusted data deserialization vulnerability in Cisco Unified Contact Center Express CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. An untrusted data deserialization vulnerability exists in Cisco Unified Contact Center Express. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. This component supports functions such as self-service voice service, call distribution, and customer access control.
VAR-202005-0697 CVE-2020-3272 Input validation vulnerability in Cisco Prime Network Registrar CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. The product provides services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) and IP Address Management (IPAM)
VAR-202005-1052 CVE-2020-9484 Debian Security Advisory 4727-1 CVSS V2: 4.4
CVSS V3: 7.0
Severity: HIGH
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. A deserialization flaw exists in Apache Tomcat's use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484) The fix for CVE-2020-9484 was incomplete. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329). For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u2. We recommend that you upgrade your tomcat9 packages. 
For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/ 4. 
Bugs fixed (https://bugzilla.redhat.com/): 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get 
accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - 
CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame 5. ========================================================================== Ubuntu Security Notice USN-6943-1 August 01, 2024 tomcat8, tomcat9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Tomcat. Software Description: - tomcat9: Servlet and JSP engine - tomcat8: Servlet and JSP engine Details: It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2020-9484) It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-25122) Thomas Wozenilek discovered that Tomcat incorrectly handled certain TLS packets. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-41079) Trung Pham discovered that a race condition existed in Tomcat when handling session files with FileStore. A remote attacker could possibly use this issue to execute arbitrary code. 
This issue affected tomcat8 for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS (CVE-2022-23181) It was discovered that Tomcat's documentation incorrectly stated that EncryptInterceptor provided availability protection when running over an untrusted network. A remote attacker could possibly use this issue to cause a denial of service even if EncryptInterceptor was being used. This issue affected tomcat8 for Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-29885) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS tomcat9-docs 9.0.58-1ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libtomcat9-java 9.0.31-1ubuntu0.6 tomcat9 9.0.31-1ubuntu0.6 tomcat9-docs 9.0.31-1ubuntu0.6 Ubuntu 18.04 LTS libtomcat8-java 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro libtomcat9-java 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro tomcat8 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro tomcat8-docs 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro tomcat9 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro tomcat9-docs 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS libtomcat8-java 8.0.32-1ubuntu1.13+esm1 Available with Ubuntu Pro tomcat8 8.0.32-1ubuntu1.13+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update Advisory ID: RHSA-2020:2483-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2020:2483 Issue date: 2020-06-10 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, x86_64 Red Hat JBoss Web Server 3.1 for RHEL 7 - noarch, x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * tomcat: Apache Tomcat Remote Code Execution via session persistence (CVE-2020-9484) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 6. Package List: Red Hat JBoss Web Server 3.1 for RHEL 6: Source: tomcat-native-1.2.23-22.redhat_22.ep7.el6.src.rpm tomcat7-7.0.70-40.ep7.el6.src.rpm tomcat8-8.0.36-44.ep7.el6.src.rpm i386: tomcat-native-1.2.23-22.redhat_22.ep7.el6.i686.rpm tomcat-native-debuginfo-1.2.23-22.redhat_22.ep7.el6.i686.rpm noarch: tomcat7-7.0.70-40.ep7.el6.noarch.rpm tomcat7-admin-webapps-7.0.70-40.ep7.el6.noarch.rpm tomcat7-docs-webapp-7.0.70-40.ep7.el6.noarch.rpm tomcat7-el-2.2-api-7.0.70-40.ep7.el6.noarch.rpm tomcat7-javadoc-7.0.70-40.ep7.el6.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-40.ep7.el6.noarch.rpm tomcat7-jsvc-7.0.70-40.ep7.el6.noarch.rpm tomcat7-lib-7.0.70-40.ep7.el6.noarch.rpm tomcat7-log4j-7.0.70-40.ep7.el6.noarch.rpm tomcat7-selinux-7.0.70-40.ep7.el6.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-40.ep7.el6.noarch.rpm tomcat7-webapps-7.0.70-40.ep7.el6.noarch.rpm tomcat8-8.0.36-44.ep7.el6.noarch.rpm tomcat8-admin-webapps-8.0.36-44.ep7.el6.noarch.rpm tomcat8-docs-webapp-8.0.36-44.ep7.el6.noarch.rpm tomcat8-el-2.2-api-8.0.36-44.ep7.el6.noarch.rpm tomcat8-javadoc-8.0.36-44.ep7.el6.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-44.ep7.el6.noarch.rpm tomcat8-jsvc-8.0.36-44.ep7.el6.noarch.rpm tomcat8-lib-8.0.36-44.ep7.el6.noarch.rpm tomcat8-log4j-8.0.36-44.ep7.el6.noarch.rpm tomcat8-selinux-8.0.36-44.ep7.el6.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-44.ep7.el6.noarch.rpm tomcat8-webapps-8.0.36-44.ep7.el6.noarch.rpm x86_64: tomcat-native-1.2.23-22.redhat_22.ep7.el6.x86_64.rpm tomcat-native-debuginfo-1.2.23-22.redhat_22.ep7.el6.x86_64.rpm Red Hat JBoss Web Server 3.1 for RHEL 7: Source: tomcat-native-1.2.23-22.redhat_22.ep7.el7.src.rpm tomcat7-7.0.70-40.ep7.el7.src.rpm tomcat8-8.0.36-44.ep7.el7.src.rpm noarch: tomcat7-7.0.70-40.ep7.el7.noarch.rpm 
tomcat7-admin-webapps-7.0.70-40.ep7.el7.noarch.rpm tomcat7-docs-webapp-7.0.70-40.ep7.el7.noarch.rpm tomcat7-el-2.2-api-7.0.70-40.ep7.el7.noarch.rpm tomcat7-javadoc-7.0.70-40.ep7.el7.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-40.ep7.el7.noarch.rpm tomcat7-jsvc-7.0.70-40.ep7.el7.noarch.rpm tomcat7-lib-7.0.70-40.ep7.el7.noarch.rpm tomcat7-log4j-7.0.70-40.ep7.el7.noarch.rpm tomcat7-selinux-7.0.70-40.ep7.el7.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-40.ep7.el7.noarch.rpm tomcat7-webapps-7.0.70-40.ep7.el7.noarch.rpm tomcat8-8.0.36-44.ep7.el7.noarch.rpm tomcat8-admin-webapps-8.0.36-44.ep7.el7.noarch.rpm tomcat8-docs-webapp-8.0.36-44.ep7.el7.noarch.rpm tomcat8-el-2.2-api-8.0.36-44.ep7.el7.noarch.rpm tomcat8-javadoc-8.0.36-44.ep7.el7.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-44.ep7.el7.noarch.rpm tomcat8-jsvc-8.0.36-44.ep7.el7.noarch.rpm tomcat8-lib-8.0.36-44.ep7.el7.noarch.rpm tomcat8-log4j-8.0.36-44.ep7.el7.noarch.rpm tomcat8-selinux-8.0.36-44.ep7.el7.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-44.ep7.el7.noarch.rpm tomcat8-webapps-8.0.36-44.ep7.el7.noarch.rpm x86_64: tomcat-native-1.2.23-22.redhat_22.ep7.el7.x86_64.rpm tomcat-native-debuginfo-1.2.23-22.redhat_22.ep7.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. 
Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform
VAR-202006-1639 CVE-2020-9848 Authentication vulnerabilities in iOS and iPadOS CVSS V2: 2.1
CVSS V3: 2.4
Severity: LOW
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. iOS and iPadOS are vulnerable to an authentication issue due to poor state management. The content of notifications may be displayed from the lock screen by a person who can physically operate the device. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Notifications is one of the notification push components. An information disclosure vulnerability exists in the Notifications component of Apple iOS versions prior to 13.5 and iPadOS versions prior to 13.5.
VAR-202006-1632 CVE-2020-9838 Out-of-bounds read vulnerability in iOS and iPadOS CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution. iOS and iPadOS contain an out-of-bounds read vulnerability due to a flaw in the handling of bounds checks. Arbitrary code could be executed by a remote attacker. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Bluetooth is one of the Bluetooth components. A buffer error vulnerability exists in the Bluetooth component in Apple iOS versions prior to 13.5 and iPadOS versions prior to 13.5.
VAR-202006-1630 CVE-2020-9835 FaceTime video pause vulnerability in iOS and iPadOS CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in the FaceTime component of Apple iOS versions prior to 13.5 and iPadOS versions prior to 13.5. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.
VAR-202006-1624 CVE-2020-9829 Validation vulnerabilities in multiple Apple products CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service. Multiple Apple products contain a validation vulnerability due to a flawed input sanitization process. Processing a maliciously crafted text message may put the application into a denial-of-service (DoS) state. Apple iOS, etc. are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. CoreText is one of the typesetting engine components. A security vulnerability exists in the CoreText component of several Apple products. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5.

APPLE-SA-2020-05-26-4 tvOS 13.4.5

tvOS 13.4.5 addresses the following:

Accounts
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt

AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted text message may lead to application denial of service
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com

FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3878: Samuel Groß of Google Project Zero

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

IPSec
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9837: Thijs Alkemade of Computest

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to determine another application's memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2020-9797: an anonymous researcher

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow was addressed through improved input validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to cause unexpected system termination or write kernel memory
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)

Python
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-9793

SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may cause a denial of service or potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9794

System Preferences
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

WebRTC
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: An access issue was addressed with improved memory management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero

zsh
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state management.
CVE-2019-20044: Sam Foxman

Additional recognition

CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.

ImageIO
We would like to acknowledge Lei Sun for their assistance.

IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Safari
We would like to acknowledge Luke Walker of Manchester Metropolitan University for their assistance.

WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About."
VAR-202006-1619 CVE-2020-9823 Vulnerability in iOS and iPadOS CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Messages is one of the application components for sending texts, photos and videos. A security vulnerability exists in the Messages component of Apple iOS versions prior to 13.5 and iPadOS versions prior to 13.5.
VAR-202006-1616 CVE-2020-9820 Logic vulnerabilities in iOS and iPadOS CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system. iOS and iPadOS contain a logic vulnerability due to a flaw in the processing of restrictions. A local attacker could modify the file system. Apple's iPadOS and iOS contain unspecified vulnerabilities. Information may be tampered with. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. File System is one of the file system components.