Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9851 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system.
|
|||||
| CVE-2020-9848 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.
|
|||||
| CVE-2020-9842 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.
|
|||||
| CVE-2020-9835 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
|
|||||
| CVE-2020-9827 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.
|
|||||
| CVE-2020-9825 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences.
|
|||||
| CVE-2020-9824 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.
|
|||||
| CVE-2020-9823 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state.
|
|||||
| CVE-2020-9820 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system.
|
|||||
| CVE-2020-9812 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.
|
|||||
| CVE-2020-9811 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.
|
|||||
| CVE-2020-9810 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window.
|
|||||
| CVE-2020-9809 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.
|
|||||
| CVE-2020-9804 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.
|
|||||
| CVE-2020-9801 | 1 Apple | 1 Safari | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.
|
|||||
| CVE-2020-9797 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.
|
|||||
| CVE-2020-9786 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
This issue was addressed with improved checks This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. An application may be able to trigger a sysdiagnose.
|
|||||
| CVE-2020-9777 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail.
|
|||||
| CVE-2020-9776 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history.
|
|||||
| CVE-2020-9773 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed.
|
|||||
| CVE-2020-9772 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.
|
|||||
| CVE-2020-9771 | 1 Apple | 1 Mac Os X | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system.
|
|||||
| CVE-2020-9770 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.
|
|||||
| CVE-2020-9769 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim.
|
|||||
| CVE-2020-9761 | 1 Unctad | 1 Asycuda World | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called.
|
|||||
| CVE-2020-9756 | 1 Patriotmemory | 2 Viper Rgb, Viper Rgb Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
|
|||||
| CVE-2020-9754 | 1 Navercorp | 1 Whale | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
|
|||||
| CVE-2020-9714 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation .
|
|||||
| CVE-2020-9696 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
|
|||||
| CVE-2020-9692 | 1 Magento | 1 Magento | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
|
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2020-9632 | 1 Magento | 1 Magento | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2020-9631 | 1 Magento | 1 Magento | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2020-9630 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.
|
|||||
| CVE-2020-9614 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
|
|||||
| CVE-2020-9613 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
|
|||||
| CVE-2020-9596 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
|
|||||
| CVE-2020-9592 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
|
|||||
| CVE-2020-9591 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.
|
|||||
| CVE-2020-9587 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
|
|||||
| CVE-2020-9585 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||