CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2019-8828 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
1452 CVE-2019-8827 2020-10-27 2020-10-29
4.3
None Remote Medium Not required Partial None None
The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited.
1453 CVE-2019-8826 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. Processing maliciously crafted web content may lead to arbitrary code execution.
1454 CVE-2019-8825 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
1455 CVE-2019-8824 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges.
1456 CVE-2019-8809 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.
1457 CVE-2019-8799 922 2020-10-27 2021-07-21
2.1
None Local Low Not required Partial None None
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.
1458 CVE-2019-8796 2020-10-27 2020-10-29
4.3
None Remote Medium Not required Partial None None
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode.
1459 CVE-2019-8790 922 2020-10-27 2020-11-03
2.1
None Local Low Not required Partial None None
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.
1460 CVE-2019-8780 2020-10-27 2020-10-30
7.1
None Remote Medium Not required Complete None None
The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout.
1461 CVE-2019-8777 276 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen.
1462 CVE-2019-8776 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.
1463 CVE-2019-8774 400 2020-10-27 2021-07-21
4.3
None Remote Medium Not required None None Partial
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service.
1464 CVE-2019-8773 Exec Code Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
1465 CVE-2019-8771 1021 2020-10-27 2020-10-30
4.3
None Remote Medium Not required None Partial None
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.
1466 CVE-2019-8767 787 Mem. Corr. 2020-10-27 2020-10-29
7.5
None Remote Low Not required Partial Partial Partial
A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption.
1467 CVE-2019-8762 79 XSS 2020-10-27 2020-10-30
4.3
None Remote Medium Not required None Partial None
A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.
1468 CVE-2019-8761 200 +Info 2020-10-27 2021-07-21
4.3
None Remote Medium Not required Partial None None
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.
1469 CVE-2019-8759 125 2020-10-27 2020-10-29
6.6
None Local Low Not required Complete None Complete
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory.
1470 CVE-2019-8756 20 Mem. Corr. 2020-10-27 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
1471 CVE-2019-8754 346 2020-10-27 2020-10-29
4.3
None Remote Medium Not required Partial None None
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.
1472 CVE-2019-8753 79 XSS 2020-10-27 2020-10-29
4.3
None Remote Medium Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.
1473 CVE-2019-8752 Exec Code Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
1474 CVE-2019-8751 Exec Code Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
1475 CVE-2019-8749 20 Mem. Corr. 2020-10-27 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
1476 CVE-2019-8746 125 Exec Code 2020-10-27 2020-10-29
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
1477 CVE-2019-8744 Mem. Corr. 2020-10-27 2021-07-21
4.3
None Remote Medium Not required Partial None None
A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.
1478 CVE-2019-8740 Exec Code Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.
1479 CVE-2019-8737 20 DoS 2020-10-27 2020-10-29
4.0
None Remote Low ??? None None Partial
A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack.
1480 CVE-2019-8736 20 +Info 2020-10-27 2020-10-29
4.0
None Remote Low ??? Partial None None
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information.
1481 CVE-2019-8734 Exec Code Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
1482 CVE-2019-8732 200 +Info 2020-10-27 2021-07-21
2.1
None Local Low Not required Partial None None
The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.
1483 CVE-2019-8728 Exec Code Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
1484 CVE-2019-8718 Exec Code Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.
1485 CVE-2019-8716 Exec Code Mem. Corr. 2020-10-27 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.
1486 CVE-2019-8715 Exec Code Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.
1487 CVE-2019-8712 Exec Code Mem. Corr. 2020-10-27 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.
1488 CVE-2019-8709 Exec Code Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges.
1489 CVE-2019-8708 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.
1490 CVE-2019-8706 Exec Code Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may lead to arbitrary code execution.
1491 CVE-2019-8696 120 Exec Code Overflow 2020-10-27 2020-10-30
6.5
None Remote Low ??? Partial Partial Partial
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
1492 CVE-2019-8675 120 Exec Code Overflow 2020-10-27 2020-10-29
6.5
None Remote Low ??? Partial Partial Partial
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
1493 CVE-2019-8668 20 DoS 2020-10-27 2020-10-29
4.3
None Remote Medium Not required None None Partial
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.
1494 CVE-2019-8664 20 DoS 2020-10-27 2020-10-29
4.3
None Remote Medium Not required None None Partial
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.
1495 CVE-2019-8656 Bypass 2020-10-27 2020-11-04
4.3
None Remote Medium Not required None Partial None
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper.
1496 CVE-2019-8645 2020-10-27 2020-11-02
4.0
None Remote Low ??? Partial None None
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail.
1497 CVE-2019-8642 295 2020-10-27 2020-11-02
4.3
None Remote Medium Not required None Partial None
An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
1498 CVE-2019-8640 20 2020-10-27 2020-11-02
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. A sandboxed process may be able to circumvent sandbox restrictions.
1499 CVE-2019-8639 Exec Code Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.
1500 CVE-2019-8638 Exec Code Mem. Corr. 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Total number of vulnerabilities : 1563   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 (This Page)31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.