| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. |
| Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. |
| Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. |
| Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. |
| An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution. |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption. |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory. |
| A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory. |
| Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. |
| Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure . |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos). |
