CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 1CVE-2020-11764 – OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp
https://notcve.org/view.php?id=CVE-2020-11764
14 Apr 2020 — An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una escritura fuera de límites en la función copyIntoFrameBuffer en el archivo ImfMisc.cpp. OpenEXR is a high dynamic-range image file format developed by Industrial Light & Magic for use in computer imaging applications. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 1CVE-2020-11765 – Debian Security Advisory 4755-1
https://notcve.org/view.php?id=CVE-2020-11765
14 Apr 2020 — An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta un error por un paso en el uso de la función de lectura del archivo ImfXdr.h por DwaCompressor::Classifier::Classifier, conllevando a una lectura fuera de límites. Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR i... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9773 – Apple Security Advisory 2020-11-13-3
https://notcve.org/view.php?id=CVE-2020-9773
25 Mar 2020 — The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed. Se abordó el problema con un manejo mejorado de las cachés de iconos. Este problema es corregido en iOS versión 14.0 y iPadOS versión 14.0. • http://seclists.org/fulldisclosure/2020/Nov/20 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3890 – Apple Security Advisory 2020-03-24-1
https://notcve.org/view.php?id=CVE-2020-3890
25 Mar 2020 — The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion. Se abordó el problema con una eliminación mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4. • https://support.apple.com/HT211102 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3914 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3914
25 Mar 2020 — A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory. Se abordó un problema de inicialización de memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, macOS Catalina versión 10.15.4, tvOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211100 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-3885 – webkitgtk: Incorrect processing of file URLs
https://notcve.org/view.php?id=CVE-2020-3885
25 Mar 2020 — A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. Se abordó un problema lógico con restricciones mejoradas. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows v... • https://support.apple.com/HT211101 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 3.1EPSS: 0%CPEs: 6EXPL: 1CVE-2020-3894 – webkitgtk: Race condition allows reading of restricted memory
https://notcve.org/view.php?id=CVE-2020-3894
25 Mar 2020 — A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. Se abordó una condición de carrera con una comprobación adicional. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9... • https://packetstorm.news/files/id/157378 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 2.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3891 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3891
25 Mar 2020 — A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled. Se abordó un problema lógico con una gestión de estado mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211102 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3913 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3913
25 Mar 2020 — A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges. Existía un problema de permisos. • https://support.apple.com/HT211100 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3888 – Apple Security Advisory 2020-03-24-1
https://notcve.org/view.php?id=CVE-2020-3888
25 Mar 2020 — A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts. Se abordó un problema lógico con restricciones mejoradas. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4. • https://support.apple.com/HT211102 •