EUVD-2020-25111

Malware in sbrugna...

Pixar OpenUSD binary file format offset seek information leak vulnerability

Summary An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used...

Pixar OpenUSD binary file format index type values information leak vulnerability

Talos Vulnerability Report TALOS-2020-1105 Pixar OpenUSD binary file format index type values information leak vulnerability November 12, 2020 CVE Number CVE-2020-13498,CVE-2020-13496,CVE-2020-13497 SUMMARY An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain...

Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities

Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to acce...

Unspecified Vulnerability in Apple macOS Catalina System Component

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in the System component of Apple macOS Catalina prior to version 10.15.3. An attacker can exploit the vulnerability to overwrite arbitrary files...

CVE-2020-3863

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges...

CVE-2020-9774

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

CVE-2020-3849

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution...

CVE-2020-3848

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution...

Input validation

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory...

CVE-2020-3847

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory...

CVE-2020-3848

CVE-2020-3848 affects macOS Catalina CoreBluetooth. It is described as a memory corruption issue resolved by improved input validation and fixed in macOS Catalina 10.15.3. Impact: remote attacker could cause an application termination or arbitrary code execution. Remediation: apply the macOS Cata...

Apple macOS Catalina memory corruption vulnerability (CNVD-2020-14695)

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A memory corruption vulnerability exists in Apple macOS Catalina versions prior to 10.15.3. The vulnerability can be exploited by an application to execute arbitrary code with system privileges...

CVE-2020-3877

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution...

CVE-2020-3870

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution...

CVE-2020-3872

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory...

CVE-2020-3875

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory...

CVE-2020-3853

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to execute arbitrary code with system privileges...

CVE-2020-3846

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an...

CVE-2020-3836

An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout...