CVE-2023-27558

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected...

CVE-2023-40374

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575...

Privilege escalation

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected...

CVE-2023-27558 IBM Db2 privilege escalation

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected...

CVE-2023-27558 IBM Db2 privilege escalation

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected...

CVE-2020-27912

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution...

CVE-2020-27917

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution...

CVE-2020-9981

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave...

CVE-2020-9947

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2020-10002

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files...

CVE-2020-10002

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files...

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave...

CVE-2020-9849

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory...

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2020-9947

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2020-9849

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory...

Apple Security Update: iCloud for Windows 11.5

Apple recommends to install security update iCloud for Windows 11.5 on devices Windows 10 and later via the Microsoft Store...

About the security content of iCloud for Windows 11.5

About the security content of iCloud for Windows 11.5 This document describes the security content of iCloud for Windows 11.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

PT-2020-6110 · Xmlsoft +1 · Libxml2 +10

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 7.0 iOS versions prior to 14.0 iPadOS versions prior to 14.0 iTunes for Windows versions prior to 12.10.9 iCloud for Windows versions prior to 11.5 tvOS versions prior to 14.0 macOS Catalina versions prior to 10.15.7...

Computer Associates BrightStor ARCserve Backup MediaSVR.EXE 191缓冲区溢出漏洞

Computer Associates BrightStor ARCserve Backup是一款企业级的备份解决方案。 Computer Associates BrightStor ARCserve Backup处理XDR过程的RPC数据存在设计错误，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 Mediasvr.exe导入的多个DLL在处理使用XDR过程的RPC数据时存在设计错误。4个来自RPC报文的字节作为特殊地址处理（xdrhandlet data会经过多次位移动和字节反转），最后装载到ECX中，在NULL字节后至少8字节NULL的191 0xbf过程成为可利用条件：...