VYPR

CVEs

101,963 total · page 1401 of 2,040

  • CVE-2020-27918HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may…

  • CVE-2020-27752HigDec 8, 2020
    risk 0.46cvss 7.1epss 0.01

    A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an…

  • CVE-2020-27932HigKEVDec 8, 2020
    risk 0.64cvss 7.8epss 0.10

    A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina…

  • CVE-2020-27930HigKEVDec 8, 2020
    risk 0.64cvss 7.8epss 0.22

    A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS…

  • CVE-2020-27927HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted font file may lead to arbitrary code execution.

  • CVE-2020-27926HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-27917HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.02

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code…

  • CVE-2020-27916HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-27912HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary…

  • CVE-2020-27911HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.03

    An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application…

  • CVE-2020-27910HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-27909HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-27906HigDec 8, 2020
    risk 0.57cvss 8.8epss 0.03

    Multiple integer overflows were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to cause unexpected application termination or heap corruption.

  • CVE-2020-27905HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.

  • CVE-2020-27904HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.03

    A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-27903HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges.

  • CVE-2020-10017HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9999HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.08

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.

  • CVE-2020-9996HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.

  • CVE-2020-9981HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update…

  • CVE-2020-9972HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

  • CVE-2020-9966HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9965HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9954HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to…

  • CVE-2020-9950HigDec 8, 2020
    risk 0.57cvss 8.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-9949HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may…

  • CVE-2020-9947HigDec 8, 2020
    risk 0.57cvss 8.8epss 0.02

    A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code…

  • CVE-2020-28946HigDec 8, 2020
    risk 0.49cvss 7.5epss 0.01

    An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data…

  • CVE-2020-26233HigDec 8, 2020
    risk 0.00cvss 7.3epss 0.06

    Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the…

  • CVE-2020-10016HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.02

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-10013HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-10011HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected…

  • CVE-2020-10010HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.

  • CVE-2020-10004HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

  • CVE-2020-10003HigDec 8, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.

  • CVE-2020-26254HigDec 8, 2020
    risk 0.43cvss 7.7epss 0.01

    omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth…

  • CVE-2020-29540HigDec 8, 2020
    risk 0.49cvss 7.5epss 0.01

    API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount of translation requests to a destination host on any given TCP port regardless of…

  • CVE-2020-25692HigDec 8, 2020
    risk 0.49cvss 7.5epss 0.02

    A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

  • CVE-2020-25630HigDec 8, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and…

  • CVE-2020-25629HigDec 8, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5…

  • CVE-2020-29599HigDec 7, 2020
    risk 0.51cvss 7.8epss 0.08

    ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell…

  • CVE-2020-26122HigDec 7, 2020
    risk 0.47cvss 7.2epss 0.01

    Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker…

  • CVE-2020-27151HigDec 7, 2020
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary…

  • CVE-2020-9247HigDec 7, 2020
    risk 0.51cvss 7.8epss 0.01

    There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious…

  • CVE-2020-5798HigDec 7, 2020
    risk 0.51cvss 7.8epss 0.00

    inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions.

  • CVE-2020-29573HigDec 6, 2020
    risk 0.49cvss 7.5epss 0.03

    sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a…

  • CVE-2020-28950HigDec 4, 2020
    risk 0.51cvss 7.8epss 0.00

    The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.

  • CVE-2020-25465HigDec 4, 2020
    risk 0.49cvss 7.5epss 0.02

    Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).

  • CVE-2020-25464HigDec 4, 2020
    risk 0.49cvss 7.5epss 0.01

    Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger.

  • CVE-2020-25463HigDec 4, 2020
    risk 0.49cvss 7.5epss 0.01

    Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV).