A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
Max CVSS
7.4
EPSS Score
0.05%
Published
2019-12-11
Updated
2023-03-01
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.17%
Published
2020-10-22
Updated
2023-01-09
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.
Max CVSS
7.5
EPSS Score
0.60%
Published
2020-10-27
Updated
2023-01-09
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Max CVSS
8.8
EPSS Score
0.41%
Published
2020-10-16
Updated
2022-07-23
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.13%
Published
2020-10-27
Updated
2023-01-09
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
Max CVSS
8.8
EPSS Score
0.44%
Published
2020-10-16
Updated
2023-01-09
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.17%
Published
2020-12-08
Updated
2021-07-21
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Max CVSS
5.5
EPSS Score
0.13%
Published
2020-05-24
Updated
2023-01-09
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-05-24
Updated
2021-06-14
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Max CVSS
7.0
EPSS Score
0.06%
Published
2020-05-27
Updated
2022-05-13
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-05-27
Updated
2022-05-13
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Max CVSS
5.5
EPSS Score
0.16%
Published
2020-06-27
Updated
2022-05-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!