CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2020-10210 798 2020-12-29 2021-01-14
10.0
None Remote Low Not required Complete Complete Complete
Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.
952 CVE-2020-10209 77 Exec Code 2020-12-30 2021-01-14
9.3
None Remote Medium Not required Complete Complete Complete
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges.
953 CVE-2020-10208 77 Exec Code 2020-12-30 2021-01-14
9.0
None Remote Low ??? Complete Complete Complete
Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges.
954 CVE-2020-10207 798 2020-12-29 2021-01-14
10.0
None Remote Low Not required Complete Complete Complete
Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.
955 CVE-2020-10204 862 Exec Code 2020-04-01 2020-09-17
9.0
None Remote Low ??? Complete Complete Complete
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
956 CVE-2020-10199 862 2020-04-01 2021-02-24
9.0
None Remote Low ??? Complete Complete Complete
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
957 CVE-2020-10189 502 Exec Code 2020-03-06 2020-03-09
10.0
None Remote Low Not required Complete Complete Complete
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
958 CVE-2020-10188 120 Exec Code Overflow 2020-03-06 2021-06-14
10.0
None Remote Low Not required Complete Complete Complete
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
959 CVE-2020-10176 78 2020-05-07 2021-02-01
10.0
None Remote Low Not required Complete Complete Complete
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands.
960 CVE-2020-10173 78 2020-03-05 2020-03-10
9.0
None Remote Low ??? Complete Complete Complete
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
961 CVE-2020-10120 863 Exec Code 2020-03-17 2020-03-19
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
962 CVE-2020-10115 20 Exec Code 2020-03-17 2020-03-19
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
963 CVE-2020-10055 94 Exec Code 2020-08-14 2020-08-21
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.
964 CVE-2020-10016 Exec Code Mem. Corr. 2020-12-08 2020-12-15
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.
965 CVE-2020-10015 787 Exec Code 2021-04-02 2021-04-13
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
966 CVE-2020-10013 Exec Code 2020-12-08 2021-03-22
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
967 CVE-2020-9992 Exec Code 2020-10-16 2020-11-15
9.3
None Remote Medium Not required Complete Complete Complete
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.
968 CVE-2020-9981 416 Exec Code 2020-12-08 2020-12-09
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution.
969 CVE-2020-9975 416 Exec Code 2021-04-02 2021-04-07
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
970 CVE-2020-9973 125 Exec Code 2020-10-27 2020-11-15
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
971 CVE-2020-9967 119 Overflow Mem. Corr. 2021-04-02 2021-04-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
972 CVE-2020-9965 125 Exec Code 2020-12-08 2021-03-11
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
973 CVE-2020-9958 787 2020-10-16 2020-11-15
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory.
974 CVE-2020-9949 416 Exec Code 2020-12-08 2021-03-11
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
975 CVE-2020-9928 Exec Code Mem. Corr. 2020-10-22 2020-10-27
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
976 CVE-2020-9923 Exec Code Mem. Corr. 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.
977 CVE-2020-9918 125 2020-10-16 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
978 CVE-2020-9907 119 Exec Code Overflow Mem. Corr. 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.
979 CVE-2020-9906 20 Mem. Corr. 2020-10-22 2021-04-08
9.4
None Remote Low Not required None Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
980 CVE-2020-9904 Exec Code Mem. Corr. 2020-10-22 2020-10-29
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.
981 CVE-2020-9899 119 Exec Code Overflow Mem. Corr. 2020-10-22 2020-10-27
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
982 CVE-2020-9892 119 Exec Code Overflow Mem. Corr. 2020-10-22 2020-10-27
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.
983 CVE-2020-9864 Exec Code 2020-10-16 2020-10-20
10.0
None Remote Low Not required Complete Complete Complete
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
984 CVE-2020-9863 665 Exec Code 2020-10-22 2020-10-27
9.3
None Remote Medium Not required Complete Complete Complete
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.
985 CVE-2020-9852 190 Exec Code Overflow 2020-06-09 2020-06-09
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
986 CVE-2020-9841 190 Exec Code Overflow 2020-06-09 2020-06-09
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.
987 CVE-2020-9834 119 Exec Code Overflow Mem. Corr. 2020-06-09 2020-06-10
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.
988 CVE-2020-9830 787 Exec Code Mem. Corr. 2020-06-09 2020-10-16
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.
989 CVE-2020-9822 787 Exec Code 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges.
990 CVE-2020-9821 119 Exec Code Overflow Mem. Corr. 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
991 CVE-2020-9817 276 +Priv 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.
992 CVE-2020-9816 787 Exec Code 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
993 CVE-2020-9815 125 Exec Code 2020-06-09 2020-10-16
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.
994 CVE-2020-9814 119 Exec Code Overflow Mem. Corr. 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
995 CVE-2020-9813 119 Exec Code Overflow Mem. Corr. 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
996 CVE-2020-9799 125 Exec Code 2020-10-16 2020-10-19
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.
997 CVE-2020-9795 416 Exec Code 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.
998 CVE-2020-9793 119 Exec Code Overflow Mem. Corr. 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.
999 CVE-2020-9791 125 Exec Code 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.
1000 CVE-2020-9790 787 Exec Code 2020-06-09 2020-06-11
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.