Lista CVE - 2020 / Dicembre
Visualizzazione 201 - 300 di 1538 CVE per Dicembre 2020 (Pagina 3 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2020-29578 | 2020-12-08 | The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker... |
| CVE-2020-29579 | 2020-12-08 | The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker... |
| CVE-2020-29581 | 2020-12-08 | The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may... |
| CVE-2020-29601 | 2020-12-08 | The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may... |
| CVE-2020-29602 | 2020-12-08 | The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker... |
| CVE-2020-29580 | 2020-12-08 | The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may... |
| CVE-2020-29577 | 2020-12-08 | The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may... |
| CVE-2020-29575 | 2020-12-08 | The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the... |
| CVE-2020-29564 | 2020-12-08 | The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image... |
| CVE-2020-29576 | 2020-12-08 | The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may... |
| CVE-2020-1971 | 2020-12-08 | EDIPARTYNAME NULL pointer dereference |
| CVE-2020-9942 | 2020-12-08 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address... |
| CVE-2020-9922 | 2020-12-08 | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted... |
| CVE-2020-9944 | 2020-12-08 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may... |
| CVE-2020-9945 | 2020-12-08 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a... |
| CVE-2020-9849 | 2020-12-08 | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9,... |
| CVE-2020-9954 | 2020-12-08 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005... |
| CVE-2020-9950 | 2020-12-08 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted... |
| CVE-2020-9966 | 2020-12-08 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may... |
| CVE-2020-9947 | 2020-12-08 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows... |
| CVE-2020-9943 | 2020-12-08 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application... |
| CVE-2020-9972 | 2020-12-08 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected... |
| CVE-2020-9949 | 2020-12-08 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6,... |
| CVE-2020-9963 | 2020-12-08 | The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able... |
| CVE-2020-9977 | 2020-12-08 | A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0... |
| CVE-2020-9981 | 2020-12-08 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows... |
| CVE-2020-9988 | 2020-12-08 | The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a... |
| CVE-2020-9987 | 2020-12-08 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing. |
| CVE-2020-9969 | 2020-12-08 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user... |
| CVE-2020-9965 | 2020-12-08 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may... |
| CVE-2020-9993 | 2020-12-08 | The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address... |
| CVE-2020-9999 | 2020-12-08 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may... |
| CVE-2020-28946 | 2020-12-08 | An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data.... |
| CVE-2020-14205 | 2020-12-08 | The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue... |
| CVE-2020-14206 | 2020-12-08 | The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). |
| CVE-2020-14207 | 2020-12-08 | The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. |
| CVE-2020-26233 | 2020-12-08 | Remote Code Execution in Git Credential Manager Core |
| CVE-2020-10002 | 2020-12-08 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS... |
| CVE-2020-9974 | 2020-12-08 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application... |
| CVE-2020-9989 | 2020-12-08 | The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to... |
| CVE-2020-10006 | 2020-12-08 | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files. |
| CVE-2020-9996 | 2020-12-08 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be... |
| CVE-2020-10009 | 2020-12-08 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. |
| CVE-2020-10010 | 2020-12-08 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker... |
| CVE-2020-10013 | 2020-12-08 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code... |
| CVE-2020-10004 | 2020-12-08 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead... |
| CVE-2020-10003 | 2020-12-08 | An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and... |
| CVE-2020-10011 | 2020-12-08 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005... |
| CVE-2020-10007 | 2020-12-08 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout. |
| CVE-2020-10012 | 2020-12-08 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting... |
| CVE-2020-10016 | 2020-12-08 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application... |
| CVE-2020-10014 | 2020-12-08 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able... |
| CVE-2020-27894 | 2020-12-08 | The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from. |
| CVE-2020-27895 | 2020-12-08 | An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious... |
| CVE-2020-10017 | 2020-12-08 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously... |
| CVE-2020-27900 | 2020-12-08 | An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be... |
| CVE-2020-27903 | 2020-12-08 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges. |
| CVE-2020-27904 | 2020-12-08 | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to... |
| CVE-2020-27898 | 2020-12-08 | A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1. An attacker may be able to bypass Managed Frame Protection. |
| CVE-2020-27902 | 2020-12-08 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be... |
| CVE-2020-27906 | 2020-12-08 | Multiple integer overflows were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to cause unexpected application termination or... |
| CVE-2020-27905 | 2020-12-08 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able... |
| CVE-2020-27910 | 2020-12-08 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously... |
| CVE-2020-27909 | 2020-12-08 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may... |
| CVE-2020-27912 | 2020-12-08 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS... |
| CVE-2020-27911 | 2020-12-08 | An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS... |
| CVE-2020-27925 | 2020-12-08 | An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may... |
| CVE-2020-27927 | 2020-12-08 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a... |
| CVE-2020-27916 | 2020-12-08 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously... |
| CVE-2020-27926 | 2020-12-08 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary... |
| CVE-2020-27917 | 2020-12-08 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows... |
| CVE-2020-27929 | 2020-12-08 | A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send... |
| CVE-2020-27932 | 2020-12-08 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra,... |
| CVE-2020-27950 | 2020-12-08 | A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave,... |
| CVE-2020-27930 | 2020-12-08 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra,... |
| CVE-2020-25663 | 2020-12-08 | A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is... |
| CVE-2020-25664 | 2020-12-08 | In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes... |
| CVE-2020-25667 | 2020-12-08 | TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\""` within `profile` due to improper string handling |
| CVE-2020-27896 | 2020-12-08 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system. |
| CVE-2020-9991 | 2020-12-08 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A... |
| CVE-2020-27918 | 2020-12-08 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows... |
| CVE-2020-28274 | 2020-12-08 | Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2020-27821 | 2020-12-08 | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the... |
| CVE-2020-26256 | 2020-12-08 | Denial of service in fast-csv |
| CVE-2020-27752 | 2020-12-08 | A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely... |
| CVE-2020-27753 | 2020-12-08 | There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could... |
| CVE-2020-27755 | 2020-12-08 | in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size... |
| CVE-2020-26234 | 2020-12-08 | Disabled Hostname Verification in OpenCast |
| CVE-2020-26249 | 2020-12-08 | Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability |
| CVE-2020-16587 | 2020-12-09 | A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file. |
| CVE-2020-16588 | 2020-12-09 | A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. |
| CVE-2020-16589 | 2020-12-09 | A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file. |
| CVE-2020-27614 | 2020-12-09 | AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. |
| CVE-2020-25627 | 2020-12-09 | The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2. |
| CVE-2020-26950 | 2020-12-09 | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird... |
| CVE-2020-26951 | 2020-12-09 | A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in... |
| CVE-2020-26952 | 2020-12-09 | Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83. |
| CVE-2020-26953 | 2020-12-09 | It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user.... |
| CVE-2020-26954 | 2020-12-09 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used... |
| CVE-2020-26955 | 2020-12-09 | When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain,... |