Total
34253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-3869 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.3 Medium |
| An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera. | ||||
| CVE-2020-3866 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.5 Medium |
| This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Catalina 10.15.3. Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper. | ||||
| CVE-2020-3862 | 3 Apple, Opensuse, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-11-21 | 6.5 Medium |
| A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. | ||||
| CVE-2020-3861 | 1 Apple | 1 Itunes | 2024-11-21 | 7.1 High |
| The issue was addressed with improved permissions logic. This issue is fixed in iTunes for Windows 12.10.4. A user may gain access to protected parts of the file system. | ||||
| CVE-2020-3859 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.4 Low |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. | ||||
| CVE-2020-3855 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.1 High |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files. | ||||
| CVE-2020-3844 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 3.3 Low |
| This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state. | ||||
| CVE-2020-3836 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 5.5 Medium |
| An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout. | ||||
| CVE-2020-3828 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.4 Low |
| A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. | ||||
| CVE-2020-3798 | 2 Adobe, Microsoft | 2 Digital Editions, Windows | 2024-11-21 | 6.5 Medium |
| Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2020-3796 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 6.5 Medium |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. | ||||
| CVE-2020-3763 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 9.8 Critical |
| Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. | ||||
| CVE-2020-3762 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 9.8 Critical |
| Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. | ||||
| CVE-2020-3761 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.5 High |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory. | ||||
| CVE-2020-3759 | 1 Adobe | 1 Digital Editions | 2024-11-21 | 7.5 High |
| Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2020-3718 | 1 Magento | 1 Magento | 2024-11-21 | 9.8 Critical |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2020-3679 | 1 Qualcomm | 34 Bitra, Bitra Firmware, Kamorta and 31 more | 2024-11-21 | 5.5 Medium |
| u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, Nicobar, QCS404, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | ||||
| CVE-2020-3638 | 1 Qualcomm | 32 Agatti, Agatti Firmware, Bitra and 29 more | 2024-11-21 | 7.8 High |
| u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, QCA6390, QCS404, QCS610, Rennell, SA515M, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | ||||
| CVE-2020-3628 | 1 Qualcomm | 6 Apq8053, Apq8053 Firmware, Rennell and 3 more | 2024-11-21 | 9.8 Critical |
| Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20 | ||||
| CVE-2020-3611 | 1 Qualcomm | 30 Apq8098, Apq8098 Firmware, Kamorta and 27 more | 2024-11-21 | 7.8 High |
| u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130 | ||||