Cross site scripting

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox...

UBUNTU-CVE-2020-9794

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of servi...

CVE-2020-9847

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox...

CVE-2020-9838

CVE-2020-9838 is supported by connected Apple advisories: it is an out-of-bounds read in the Bluetooth component of iOS/iPadOS fixed in 13.5. The Apple bulletin notes a remote attacker could cause arbitrary code execution, and remediation is to update to iOS 13.5/iPadOS 13.5. Other sources corrob...

CVE-2020-9837

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory...

CVE-2020-9837

CVE-2020-9837 is an out-of-bounds read vulnerability that could allow a remote attacker to leak memory. The issue is fixed in Apple platforms: iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, and tvOS 13.4.5. The public description across connected sources confirms the root cause as an out-of-bo...

CVE-2020-9831

CVE-2020-9831 is an out-of-bounds read in macOS Catalina’s Bluetooth component that could allow a malicious/local attacker to determine the kernel memory layout. Apple reports the fix in macOS Catalina 10.15.5 via Security Update 2020-003 Mojave/High Sierra lines; impact is limited to memory layo...

CVE-2020-9789

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may...

CVE-2020-9818

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination...

CVE-2020-9818

CVE-2020-9818 describes an out‑of‑bounds write in the Mail component of Apple iOS/iPadOS/watchOS. Affected versions: iOS 13.5 and iPadOS 13.5, iOS 12.4.7, and watchOS 6.2.5. Root cause: improved bounds checking in handling of malicious mail messages may prevent memory corruption. Impact as stated...

CVE-2020-9818

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination...

CVE-2020-9816

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution...

CVE-2020-9815

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution...

CVE-2020-9794

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of servi...

CVE-2020-10070 MQTT buffer overflow on receive buffer

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost is a proof-of-concept exploit for a bug in Windows 10 1903/1909's new SMB3 compression capability. The bug is caused by a lack of bounds checking in the offset size of the SMB2CompressionTransformHeader, which leads to a buffer overflow and kernel cra...

Updated clamav packages fix security vulnerabilities

Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to...

About the security content of tvOS 13.4.5

About the security content of tvOS 13.4.5 This document describes the security content of tvOS 13.4.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

Naver Whale Browser Installer Data Forgery Issue Vulnerability

Naver Whale Browser is a web browser with a user-defined interface from Naver, Korea.Installer is the installer. A data forgery vulnerability exists in Naver Whale Browser Installer versions prior to 1.2.0.5, which originates from a Flash installer that does not support signature checking. An...

About the security content of watchOS 6.2.5

About the security content of watchOS 6.2.5 This document describes the security content of watchOS 6.2.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...