Page 178 of 893 results (0.019 seconds)

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-9992

https://notcve.org/view.php?id=CVE-2020-9992

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. Este problema es corregido cifrando las comunicaciones a través de la red para los dispositivos que ejecutan iOS versión 14, iPadOS versión 14, tvOS versión 14 y watchOS versión 7. Este problema es corregido en iOS versión 14.0 e iPadOS versión 14.0, Xcode versión 12.0. • http://seclists.org/fulldisclosure/2020/Nov/20 https://support.apple.com/HT211848 https://support.apple.com/HT211850 •

CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0

CVE-2020-9876 – Apple macOS ImageIO TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-9876

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, macOS Catalina versión 10.15.6, tvOS versión 13.4.8, watchOS versión 6.2.8, iTunes versión 12.10.8 para Windows, iCloud para Windows versión 11.3, iCloud para Windows versión 7.20. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://support.apple.com/kb/HT211288 https://support.apple.com/kb/HT211289 https://support.apple.com/kb/HT211290 https://support.apple.com/kb/HT211291 https://support.apple.com/kb/HT211293 https://support.apple.com/kb/HT211294 https://support.apple.com/kb/HT211295 https://supp • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1

CVE-2020-15358 – sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c

https://notcve.org/view.php?id=CVE-2020-15358

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. En SQLite versiones anteriores a 3.32.3, el archivo select.c maneja inapropiadamente la optimización query-flattener, conllevando a un desbordamiento de la pila de multiSelectOrderBy debido al uso inapropiado de las propiedades transitivas para la propagación constante A heap buffer overflow was found in SQLite in the query flattening optimization technique. This flaw allows an attacker to execute SQL statements to crash the application, resulting in a denial of service. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 http://seclists.org/fulldisclosure/2021/Feb/14 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200709-0001 https://support.apple.com/kb/HT211843 https://support.apple.com/kb/HT211844 https • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.0EPSS: 0%CPEs: 25EXPL: 0

CVE-2020-13630 – sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c

https://notcve.org/view.php?id=CVE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. El archivo ext/fts3/fts3.c en SQLite versiones anteriores a la versión 3.32.0, tiene un uso de la memoria previamente liberada en la función fts3EvalNextRow, relacionado con la funcionalidad snippet. A use-after-free vulnerability was found in the SQLite FTS3 extension module in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXY • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0

CVE-2020-13631 – sqlite: Virtual table can be renamed into the name of one of its shadow tables

https://notcve.org/view.php?id=CVE-2020-13631

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. SQLite versiones anteriores a la versión 3.32.0, permite que una tabla virtual sea renombrada con el nombre de una de sus tablas shadow, relacionada con los archivos alter.c y build.c. A flaw was found in the virtual table implementation of SQLite. This flaw allows an attacker who can execute SQL statements to rename a virtual table to the name of one of its shadow tables, leading to potential data corruption. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce%40lists&# • CWE-20: Improper Input Validation •