Page 13 of 448 results (0.018 seconds)

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. En SQLite versiones anteriores a 3.32.3, el archivo select.c maneja inapropiadamente la optimización query-flattener, conllevando a un desbordamiento de la pila de multiSelectOrderBy debido al uso inapropiado de las propiedades transitivas para la propagación constante A heap buffer overflow was found in SQLite in the query flattening optimization technique. This flaw allows an attacker to execute SQL statements to crash the application, resulting in a denial of service. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 http://seclists.org/fulldisclosure/2021/Feb/14 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200709-0001 https://support.apple.com/kb/HT211843 https://support.apple.com/kb/HT211844 https • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. Se abordó un problema de comprobación de entrada con una comprobación de entrada mejorada. Este problema es corregido en iOS versión 13.5 y iPadOS versión 13.5, tvOS versión 13.4.5, watchOS versión 6.2.5, Safari versión 13.1.1, iTunes versión 12.10.7 para Windows, iCloud para Windows versión 11.2, iCloud para Windows versión 7.19. • https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 https://access.redhat.com/security/cve/CVE-2020-9843 https://bugzilla.redhat.com/show_bug.cgi?id=1879566 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 59%CPEs: 8EXPL: 1

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema lógico con restricciones mejoradas. Este problema es corregido en iOS versión 13.5 y iPadOS versión 13.5, tvOS versión 13.4.5, watchOS versión 6.2.5, Safari versión 13.1.1, iTunes versión 12.10.7 para Windows, iCloud para Windows versión 11.2, iCloud para Windows versión 7.19. • https://github.com/khcujw/CVE-2020-9802 https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 https://access.redhat.com/security/cve/CVE-2020-9802 https://bugzilla.redhat.com/show_bug.cgi?id=1879545 • CWE-841: Improper Enforcement of Behavioral Workflow •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria con una administración de estado mejorada. Este problema es corregido en iOS versión 13.5 y iPadOS versión 13.5, tvOS versión 13.4.5, watchOS versión 6.2.5, Safari versión 13.1.1, iTunes versión 12.10.7 para Windows, iCloud para Windows versión 11.2, iCloud para Windows versión 7.19. • https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 https://access.redhat.com/security/cve/CVE-2020-9806 https://bugzilla.redhat.com/show_bug.cgi?id=1879563 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con restricciones mejoradas. Este problema es corregido en iOS versión 13.5 y iPadOS versión 13.5, tvOS versión 13.4.5, watchOS versión 6.2.5, Safari versión 13.1.1, iTunes versión 12.10.7 para Windows, iCloud para Windows versión 11.2, iCloud para Windows versión 7.19. • https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 https://access.redhat.com/security/cve/CVE-2020-9805 https://bugzilla.redhat.com/show_bug.cgi?id=1879559 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •