Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-452
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | iOS versions antérieures à 13.6 | ||
| Apple | macOS | macOS Catalina versions antérieures à 10.15.6 | ||
| Apple | macOS | macOS High Sierra sans le correctif de sécurité 2020-004 | ||
| Apple | N/A | iPadOS versions antérieures à 13.6 | ||
| Apple | macOS | macOS Mojave sans le correctif de sécurité 2020-004 | ||
| Apple | N/A | tvOS versions antérieures à 13.4.8 | ||
| Apple | Safari | Safari versions antérieures à 13.1.2 | ||
| Apple | N/A | watchOS versions antérieures à 6.2.8 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 13.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2020-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 13.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2020-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 13.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 13.1.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-9885",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9885"
},
{
"name": "CVE-2020-9878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9878"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2020-9933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9933"
},
{
"name": "CVE-2020-9870",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9870"
},
{
"name": "CVE-2020-9890",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9890"
},
{
"name": "CVE-2020-9934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9934"
},
{
"name": "CVE-2020-9910",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9910"
},
{
"name": "CVE-2019-20807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20807"
},
{
"name": "CVE-2020-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9936"
},
{
"name": "CVE-2020-9911",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9911"
},
{
"name": "CVE-2020-9865",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9865"
},
{
"name": "CVE-2020-9799",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9799"
},
{
"name": "CVE-2020-9894",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9894"
},
{
"name": "CVE-2020-9895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9895"
},
{
"name": "CVE-2020-9914",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9914"
},
{
"name": "CVE-2020-9931",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9931"
},
{
"name": "CVE-2020-9866",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9866"
},
{
"name": "CVE-2020-9916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9916"
},
{
"name": "CVE-2020-9923",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9923"
},
{
"name": "CVE-2019-14899",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
},
{
"name": "CVE-2020-9912",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9912"
},
{
"name": "CVE-2020-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9893"
},
{
"name": "CVE-2020-9922",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9922"
},
{
"name": "CVE-2020-9862",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9862"
},
{
"name": "CVE-2020-9864",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9864"
},
{
"name": "CVE-2020-9925",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9925"
},
{
"name": "CVE-2020-9913",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9913"
},
{
"name": "CVE-2020-9888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9888"
},
{
"name": "CVE-2020-9907",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9907"
},
{
"name": "CVE-2020-9917",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9917"
},
{
"name": "CVE-2020-9889",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9889"
},
{
"name": "CVE-2020-9909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9909"
},
{
"name": "CVE-2020-9891",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9891"
},
{
"name": "CVE-2020-9903",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9903"
},
{
"name": "CVE-2020-9918",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9918"
},
{
"name": "CVE-2020-9884",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9884"
},
{
"name": "CVE-2020-9915",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9915"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-452",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-20T00:00:00.000000"
},
{
"description": "Ajout de l\u0027identifiant CVE-2020-9922.",
"revision_date": "2021-04-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT211289 du 15 juillet 2020",
"url": "https://support.apple.com/en-us/HT211289"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT211288 du 15 juillet 2020",
"url": "https://support.apple.com/en-us/HT211288"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT211292 du 15 juillet 2020",
"url": "https://support.apple.com/en-us/HT211292"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT211291 du 15 juillet 2020",
"url": "https://support.apple.com/en-us/HT211291"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT211290 du 15 juillet 2020",
"url": "https://support.apple.com/en-us/HT211290"
}
]
}
CVE-2020-9934 (GCVE-0-2020-9934)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:51 – Updated: 2025-10-21 23:35
VLAI?
EPSS
Summary
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
Severity ?
5.5 (Medium)
CWE
- A local user may be able to view sensitive user information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:56.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-9934",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:38:08.647380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-09-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:35.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-09-08T00:00:00+00:00",
"value": "CVE-2020-9934 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to view sensitive user information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:51:05.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to view sensitive user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9934",
"datePublished": "2020-10-16T16:51:05.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:35.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9931 (GCVE-0-2020-9931)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:50 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.
Severity ?
No CVSS data available.
CWE
- A remote attacker may cause an unexpected application termination
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may cause an unexpected application termination",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:50:16",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may cause an unexpected application termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9931",
"datePublished": "2020-10-16T16:50:16",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9910 (GCVE-0-2020-9910)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:44 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Severity ?
No CVSS data available.
CWE
- A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:44:17",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9910",
"datePublished": "2020-10-16T16:44:17",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19906 (GCVE-0-2019-19906)
Vulnerability from cvelistv5 – Published: 2019-12-19 17:39 – Updated: 2024-08-05 02:32
VLAI?
EPSS
Summary
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:09.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cyrusimap/cyrus-sasl/issues/587"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openldap.org/its/index.cgi/Incoming?id=9123"
},
{
"name": "[debian-lts-announce] 20191220 [SECURITY] [DLA 2044-1] cyrus-sasl2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html"
},
{
"name": "DSA-4591",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4591"
},
{
"name": "20191225 [SECURITY] [DSA 4591-1] cyrus-sasl2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/42"
},
{
"name": "USN-4256-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4256-1/"
},
{
"name": "FEDORA-2020-51d591d035",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/"
},
{
"name": "FEDORA-2020-bf829f9a84",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/23"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 \u0026 CVE-2019-19906]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-23T21:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cyrusimap/cyrus-sasl/issues/587"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openldap.org/its/index.cgi/Incoming?id=9123"
},
{
"name": "[debian-lts-announce] 20191220 [SECURITY] [DLA 2044-1] cyrus-sasl2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html"
},
{
"name": "DSA-4591",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4591"
},
{
"name": "20191225 [SECURITY] [DSA 4591-1] cyrus-sasl2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/42"
},
{
"name": "USN-4256-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4256-1/"
},
{
"name": "FEDORA-2020-51d591d035",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/"
},
{
"name": "FEDORA-2020-bf829f9a84",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/23"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 \u0026 CVE-2019-19906]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cyrusimap/cyrus-sasl/issues/587",
"refsource": "MISC",
"url": "https://github.com/cyrusimap/cyrus-sasl/issues/587"
},
{
"name": "https://www.openldap.org/its/index.cgi/Incoming?id=9123",
"refsource": "MISC",
"url": "https://www.openldap.org/its/index.cgi/Incoming?id=9123"
},
{
"name": "[debian-lts-announce] 20191220 [SECURITY] [DLA 2044-1] cyrus-sasl2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html"
},
{
"name": "DSA-4591",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4591"
},
{
"name": "20191225 [SECURITY] [DSA 4591-1] cyrus-sasl2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/42"
},
{
"name": "USN-4256-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4256-1/"
},
{
"name": "FEDORA-2020-51d591d035",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/"
},
{
"name": "FEDORA-2020-bf829f9a84",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/"
},
{
"name": "https://support.apple.com/kb/HT211288",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211288"
},
{
"name": "https://support.apple.com/kb/HT211289",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jul/23"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 \u0026 CVE-2019-19906]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19906",
"datePublished": "2019-12-19T17:39:13",
"dateReserved": "2019-12-19T00:00:00",
"dateUpdated": "2024-08-05T02:32:09.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9895 (GCVE-0-2020-9895)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:40 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:40:54",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9895",
"datePublished": "2020-10-16T16:40:54",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9918 (GCVE-0-2020-9918)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:48 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T15:21:33",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9918",
"datePublished": "2020-10-16T16:48:43",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9866 (GCVE-0-2020-9866)
Vulnerability from cvelistv5 – Published: 2020-10-27 20:42 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- A buffer overflow may result in arbitrary code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT211289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A buffer overflow may result in arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T20:42:18",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT211289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.15"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A buffer overflow may result in arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9866",
"datePublished": "2020-10-27T20:42:18",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9799 (GCVE-0-2020-9799)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:13 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Severity ?
No CVSS data available.
CWE
- A malicious application may be able to execute arbitrary code with kernel privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to execute arbitrary code with kernel privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:13:56",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9799",
"datePublished": "2020-10-16T16:13:56",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9936 (GCVE-0-2020-9936)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:51 – Updated: 2024-08-04 10:50
VLAI?
EPSS
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing a maliciously crafted image may lead to arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:56.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted image may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:51:26",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted image may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9936",
"datePublished": "2020-10-16T16:51:26",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:50:56.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9893 (GCVE-0-2020-9893)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:39 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:39:56",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9893",
"datePublished": "2020-10-16T16:39:56",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9911 (GCVE-0-2020-9911)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:44 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.
Severity ?
No CVSS data available.
CWE
- An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:44:40",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9911",
"datePublished": "2020-10-16T16:44:40",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9865 (GCVE-0-2020-9865)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:33 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.
Severity ?
No CVSS data available.
CWE
- A malicious application may be able to break out of its sandbox
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to break out of its sandbox",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:33:35",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to break out of its sandbox"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9865",
"datePublished": "2020-10-16T16:33:35",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9890 (GCVE-0-2020-9890)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:39 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing a maliciously crafted audio file may lead to arbitrary code execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted audio file may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:39:02",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted audio file may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9890",
"datePublished": "2020-10-16T16:39:02",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9885 (GCVE-0-2020-9885)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:36 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group.
Severity ?
No CVSS data available.
CWE
- A user that is removed from an iMessage group could rejoin the group
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user that is removed from an iMessage group could rejoin the group",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:36:40",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A user that is removed from an iMessage group could rejoin the group"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9885",
"datePublished": "2020-10-16T16:36:40",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9923 (GCVE-0-2020-9923)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:49 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.
Severity ?
No CVSS data available.
CWE
- A malicious application may be able to execute arbitrary code with system privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to execute arbitrary code with system privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:49:23",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to execute arbitrary code with system privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9923",
"datePublished": "2020-10-16T16:49:23",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9933 (GCVE-0-2020-9933)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:50 – Updated: 2024-08-04 10:50
VLAI?
EPSS
Summary
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.
Severity ?
No CVSS data available.
CWE
- A malicious application may be able to read sensitive location information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:56.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to read sensitive location information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:50:46",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to read sensitive location information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9933",
"datePublished": "2020-10-16T16:50:46",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:50:56.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9903 (GCVE-0-2020-9903)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:42 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.
Severity ?
No CVSS data available.
CWE
- A malicious attacker may cause Safari to suggest a password for the wrong domain
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious attacker may cause Safari to suggest a password for the wrong domain",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:42:59",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious attacker may cause Safari to suggest a password for the wrong domain"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9903",
"datePublished": "2020-10-16T16:42:59",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9917 (GCVE-0-2020-9917)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:48 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to cause a denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause a denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:48:15",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause a denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9917",
"datePublished": "2020-10-16T16:48:15",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9925 (GCVE-0-2020-9925)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:49 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.
Severity ?
No CVSS data available.
CWE
- Processing maliciously crafted web content may lead to universal cross site scripting
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to universal cross site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:49:46",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to universal cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9925",
"datePublished": "2020-10-16T16:49:46",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9909 (GCVE-0-2020-9909)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:43 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Severity ?
No CVSS data available.
CWE
- An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:43:52",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9909",
"datePublished": "2020-10-16T16:43:52",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9915 (GCVE-0-2020-9915)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:47 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Severity ?
No CVSS data available.
CWE
- Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:47:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9915",
"datePublished": "2020-10-16T16:47:00",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9914 (GCVE-0-2020-9914)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:46 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets.
Severity ?
No CVSS data available.
CWE
- An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:46:27",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9914",
"datePublished": "2020-10-16T16:46:27",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9889 (GCVE-0-2020-9889)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:38 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing a maliciously crafted audio file may lead to arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1391/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted audio file may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-03T15:06:10",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1391/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted audio file may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1391/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1391/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9889",
"datePublished": "2020-10-16T16:38:22",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9870 (GCVE-0-2020-9870)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:33 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.
Severity ?
No CVSS data available.
CWE
- An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:33:44",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9870",
"datePublished": "2020-10-16T16:33:44",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9862 (GCVE-0-2020-9862)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:32 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.
Severity ?
No CVSS data available.
CWE
- Copying a URL from Web Inspector may lead to command injection
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Copying a URL from Web Inspector may lead to command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:32:39",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Copying a URL from Web Inspector may lead to command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9862",
"datePublished": "2020-10-16T16:32:39",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9884 (GCVE-0-2020-9884)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:34 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing a maliciously crafted audio file may lead to arbitrary code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted audio file may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:34:49",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted audio file may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9884",
"datePublished": "2020-10-16T16:34:49",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9864 (GCVE-0-2020-9864)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:33 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
Severity ?
No CVSS data available.
CWE
- An application may be able to execute arbitrary code with kernel privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to execute arbitrary code with kernel privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:33:21",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9864",
"datePublished": "2020-10-16T16:33:21",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9907 (GCVE-0-2020-9907)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:43 – Updated: 2025-10-21 23:35
VLAI?
EPSS
Summary
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.
Severity ?
7.8 (High)
CWE
- An application may be able to execute arbitrary code with kernel privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-9907",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:38:34.668626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-06-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9907"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:35.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9907"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-27T00:00:00+00:00",
"value": "CVE-2020-9907 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to execute arbitrary code with kernel privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:43:32.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9907",
"datePublished": "2020-10-16T16:43:32.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:35.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9878 (GCVE-0-2020-9878)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:33 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:33:57",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9878",
"datePublished": "2020-10-16T16:33:57",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14899 (GCVE-0-2019-14899)
Vulnerability from cvelistv5 – Published: 2019-12-11 14:45 – Updated: 2024-08-05 00:26
VLAI?
EPSS
Summary
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
Severity ?
7.4 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-3 tvOS 13.4.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/25"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/23"
},
{
"name": "[oss-security] 20200813 Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/13/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211850"
},
{
"name": "[oss-security] 20201007 Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/07/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"name": "[oss-security] 20210704 Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/05/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VPN",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-05T14:06:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-3 tvOS 13.4.8",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/25"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/23"
},
{
"name": "[oss-security] 20200813 Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/13/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211850"
},
{
"name": "[oss-security] 20201007 Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/07/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"name": "[oss-security] 20210704 Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/05/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14899",
"datePublished": "2019-12-11T14:45:12",
"dateReserved": "2019-08-10T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9888 (GCVE-0-2020-9888)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:37 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing a maliciously crafted audio file may lead to arbitrary code execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted audio file may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:37:09",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted audio file may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9888",
"datePublished": "2020-10-16T16:37:09",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20807 (GCVE-0-2019-20807)
Vulnerability from cvelistv5 – Published: 2020-05-28 13:05 – Updated: 2024-08-05 02:53
VLAI?
EPSS
Summary
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:53:09.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/releases/tag/v8.1.0881"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075"
},
{
"name": "openSUSE-SU-2020:0794",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "USN-4582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220812-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T11:39:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v8.1.0881"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075"
},
{
"name": "openSUSE-SU-2020:0794",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "USN-4582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.starwindsoftware.com/security/sw-20220812-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vim/vim/releases/tag/v8.1.0881",
"refsource": "MISC",
"url": "https://github.com/vim/vim/releases/tag/v8.1.0881"
},
{
"name": "https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075"
},
{
"name": "openSUSE-SU-2020:0794",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html"
},
{
"name": "https://support.apple.com/kb/HT211289",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211289"
},
{
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"name": "USN-4582-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4582-1/"
},
{
"name": "[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html"
},
{
"name": "https://www.starwindsoftware.com/security/sw-20220812-0003/",
"refsource": "MISC",
"url": "https://www.starwindsoftware.com/security/sw-20220812-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20807",
"datePublished": "2020-05-28T13:05:50",
"dateReserved": "2020-05-28T00:00:00",
"dateUpdated": "2024-08-05T02:53:09.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9891 (GCVE-0-2020-9891)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:39 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing a maliciously crafted audio file may lead to arbitrary code execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted audio file may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:39:35",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted audio file may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
},
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9891",
"datePublished": "2020-10-16T16:39:35",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9912 (GCVE-0-2020-9912)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:45 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode.
Severity ?
No CVSS data available.
CWE
- A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:45:18",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9912",
"datePublished": "2020-10-16T16:45:18",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9916 (GCVE-0-2020-9916)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:47 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.
Severity ?
No CVSS data available.
CWE
- A malicious attacker may be able to conceal the destination of a URL
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious attacker may be able to conceal the destination of a URL",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:47:48",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious attacker may be able to conceal the destination of a URL"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9916",
"datePublished": "2020-10-16T16:47:48",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9922 (GCVE-0-2020-9922)
Vulnerability from cvelistv5 – Published: 2020-12-08 19:19 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files.
Severity ?
No CVSS data available.
CWE
- Processing a maliciously crafted email may lead to writing arbitrary files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT211289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted email may lead to writing arbitrary files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-08T19:19:04",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT211289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.15"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted email may lead to writing arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9922",
"datePublished": "2020-12-08T19:19:04",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9913 (GCVE-0-2020-9913)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:45 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information.
Severity ?
No CVSS data available.
CWE
- A local user may be able to leak sensitive user information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to leak sensitive user information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:45:57",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.6"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to leak sensitive user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211289",
"refsource": "MISC",
"url": "https://support.apple.com/HT211289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9913",
"datePublished": "2020-10-16T16:45:57",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9894 (GCVE-0-2020-9894)
Vulnerability from cvelistv5 – Published: 2020-10-16 16:40 – Updated: 2024-08-04 10:43
VLAI?
EPSS
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 13.6 and iPadOS 13.6
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT211295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.6 and iPadOS 13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 13.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 6.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 13.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.10.8 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows (Legacy)",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T16:40:22",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT211295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2020-9894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT211288",
"refsource": "MISC",
"url": "https://support.apple.com/HT211288"
},
{
"name": "https://support.apple.com/HT211290",
"refsource": "MISC",
"url": "https://support.apple.com/HT211290"
},
{
"name": "https://support.apple.com/HT211291",
"refsource": "MISC",
"url": "https://support.apple.com/HT211291"
},
{
"name": "https://support.apple.com/HT211292",
"refsource": "MISC",
"url": "https://support.apple.com/HT211292"
},
{
"name": "https://support.apple.com/HT211293",
"refsource": "MISC",
"url": "https://support.apple.com/HT211293"
},
{
"name": "https://support.apple.com/HT211294",
"refsource": "MISC",
"url": "https://support.apple.com/HT211294"
},
{
"name": "https://support.apple.com/HT211295",
"refsource": "MISC",
"url": "https://support.apple.com/HT211295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2020-9894",
"datePublished": "2020-10-16T16:40:22",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…