Apple tvOS vulnerabilities

CVE-2020-9793 [HIGH] CWE-20 CVE-2020-9793: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.

CVE-2020-9802 [HIGH] CVE-2020-9802: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-9789 [HIGH] CWE-787 CVE-2020-9789: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2020-9812 [MEDIUM] CVE-2020-9812: An information disclosure issue was addressed with improved state management. This issue is fixed in An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

CVE-2020-9829 [MEDIUM] CWE-20 CVE-2020-9829: A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 a A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service.

CVE-2020-9797 [MEDIUM] CVE-2020-9797: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.

CVE-2020-9809 [MEDIUM] CVE-2020-9809: An information disclosure issue was addressed with improved state management. This issue is fixed in An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.

CVE-2020-9811 [MEDIUM] CVE-2020-9811: An information disclosure issue was addressed with improved state management. This issue is fixed in An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

CVE-2020-9859 [HIGH] CWE-415 CVE-2020-9859: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 1 A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.

CVE-2020-13630 [HIGH] CWE-416 CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snip ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

CVE-2020-13631 [MEDIUM] CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, r SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

CVE-2020-13434 [MEDIUM] CWE-190 CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

CVE-2019-6203 [CRITICAL] CVE-2019-6203: A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS M A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.

CVE-2020-11762 [MEDIUM] CWE-125 CVE-2020-11762: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaComp An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.

CVE-2020-11763 [MEDIUM] CWE-125 CVE-2020-11763: An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and writ An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

CVE-2020-11764 [MEDIUM] CWE-787 CVE-2020-11764: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuf An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

CVE-2020-11758 [MEDIUM] CWE-125 CVE-2020-11758: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixel An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

CVE-2020-11759 [MEDIUM] CWE-190 CVE-2020-11759: An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLi An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.

CVE-2020-11760 [MEDIUM] CWE-125 CVE-2020-11760: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompres An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

CVE-2020-11761 [MEDIUM] CWE-125 CVE-2020-11761: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncom An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.