CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2020/10/22 5:59 p.m.•93 views

CVE-2020-9873

CVE-2020-9873 describes an out-of-bounds read in the Apple ImageIO component that could lead to arbitrary code execution when processing a malicious image. The vulnerability is fixed in multiple Apple platform updates, including iOS 13.6 / iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS...

7.8CVSS8.1AI score0.01279EPSS

Cvelist•added 2020/10/22 5:58 p.m.•21 views

CVE-2020-9877

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to...

8.2AI score0.01279EPSS

CVE•added 2020/10/22 5:58 p.m.•107 views

CVE-2020-9877

CVE-2020-9877 concerns an out-of-bounds read that was addressed in Apple’s security updates. According to the vendor-supplied details, processing a maliciously crafted image could lead to arbitrary code execution. The fixed versions across affected platforms include iOS 13.6 and iPadOS 13.6, macO...

7.8CVSS8.1AI score0.01279EPSS

CVE•added 2020/10/22 5:58 p.m.•101 views

CVE-2020-9875

CVE-2020-9875 concerns an integer overflow that was addressed by improving input validation. The published details indicate the issue affects Apple’s ImageIO (and related image-processing paths) across macOS/iOS/watchOS/tvOS platforms and associated Windows/iCloud components. The vulnerability co...

7.8CVSS8.3AI score0.01246EPSS

CVE•added 2020/10/22 5:58 p.m.•112 views

CVE-2020-9876

CVE-2020-9876 is an out-of-bounds write in Apple's ImageIO component that can be triggered by processing a malicious PDF. Affected products include macOS/iOSwatch/tvOS/watchOS families via ImageIO, and Windows (iCloud for Windows, iTunes for Windows) and tvOS updates. Public details in connected ...

7.8CVSS7.9AI score0.01946EPSS

Exploits0References17Affected Software8

Cvelist•added 2020/10/22 5:58 p.m.•18 views

CVE-2020-9874

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may...

8.3AI score0.01241EPSS

CVE•added 2020/10/22 5:54 p.m.•85 views

CVE-2020-9871

CVE-2020-9871: An out-of-bounds write in ImageIO (openEXR handling) may allow arbitrary code execution when processing a malicious image. Affected products include Apple OSes and related apps; Apple’s mitigations are in security updates. Remediation: patch in iOS 13.6/iPadOS 13.6, macOS Catalina ...

7.8CVSS8.2AI score0.01273EPSS

Cvelist•added 2020/10/22 5:54 p.m.•21 views

CVE-2020-9871

8.3AI score0.01273EPSS

Positive Technologies•added 2020/10/22 12:0 a.m.•3 views

PT-2020-20828 · Apple · Itunes For Windows +7

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 iTunes for Windows versions prior to 12.10.8 iCloud for Windows versions prior to...

7.8CVSS7.2AI score0.01279EPSS

Positive Technologies•added 2020/10/22 12:0 a.m.•4 views

PT-2020-20824 · Apple · Itunes For Windows +7

7.8CVSS7.2AI score0.01279EPSS

BDU FSTEC•added 2020/10/22 12:0 a.m.•8 views

Vulnerabilities of operating systems tvOS, iOS, iCloud for Windows service, Safari browser, and iTunes multimedia player, related to the use of memory after its release, allowing attackers to execute arbitrary code.

Vulnerabilities of operating systems such as tvOS and iOS, the iCloud for Windows service, the Safari browser, and the multimedia player iTunes are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow a malicious actor to execute arbitrary code remotely...

9.3CVSS7.2AI score0.0198EPSS

Exploits0References9Affected Software12

Positive Technologies•added 2020/10/22 12:0 a.m.•3 views

PT-2020-20880 · Apple · Itunes For Windows +7

7.8CVSS7.2AI score0.01273EPSS

Positive Technologies•added 2020/10/22 12:0 a.m.•4 views

PT-2020-20822 · Apple · Itunes For Windows +7

7.8CVSS7.3AI score0.01273EPSS

NVD•added 2020/10/16 5:15 p.m.•33 views

CVE-2020-9952

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack...

7.1CVSS0.01479EPSS

Exploits0References12

NVD•added 2020/10/16 5:15 p.m.•18 views

CVE-2020-9916

A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the...

5.3CVSS0.01361EPSS

NVD•added 2020/10/16 5:15 p.m.•19 views

CVE-2020-9936

7.8CVSS0.01268EPSS

NVD•added 2020/10/16 5:15 p.m.•24 views

CVE-2020-9925

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal...

6.1CVSS0.01121EPSS