CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9915 – webkitgtk: Access issue in content security policy
https://notcve.org/view.php?id=CVE-2020-9915
17 Jul 2020 — An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se presentó un problema de acceso en la Política de Seguridad de Contenido. • https://support.apple.com/HT211288 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9914
https://notcve.org/view.php?id=CVE-2020-9914
17 Jul 2020 — An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. Se presentó un problema de comprobación de entrada en Bluetooth. • https://support.apple.com/HT211288 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9925 – webkitgtk: A logic issue may lead to cross site scripting
https://notcve.org/view.php?id=CVE-2020-9925
17 Jul 2020 — A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, tvOS versión 13.4.8, watchOS versión 6.2.8, Safa... • https://support.apple.com/HT211288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9862 – webkitgtk: Command injection in web inspector
https://notcve.org/view.php?id=CVE-2020-9862
17 Jul 2020 — A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. Se presentó un problema de inyección de comandos en Web Inspector. • https://support.apple.com/HT211288 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9865
https://notcve.org/view.php?id=CVE-2020-9865
17 Jul 2020 — A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox. Se abordó un problema de corrupción de la memoria al eliminar el código vulnerable. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, macOS Catalina versión 10.15.6, tvOS versión 13.4.8, watchOS versión 6.2.8. • https://support.apple.com/HT211288 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9885
https://notcve.org/view.php?id=CVE-2020-9885
17 Jul 2020 — An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. Se presentó un problema en el manejo de tapbacks de iMessage. • https://support.apple.com/HT211288 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9917
https://notcve.org/view.php?id=CVE-2020-9917
17 Jul 2020 — This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. Este problema es abordado con unas comprobaciones mejoradas. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6. • https://support.apple.com/HT211288 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9907 – Apple Multiple Products Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-9907
17 Jul 2020 — A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de la memoria al eliminar el código vulnerable. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, tvOS versión 13.4.8. • https://support.apple.com/HT211288 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9911
https://notcve.org/view.php?id=CVE-2020-9911
17 Jul 2020 — A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. Se abordó un problema lógico con una restricciones mejoradas. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, Safari versión 13.1.2. • https://support.apple.com/HT211288 •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9910
https://notcve.org/view.php?id=CVE-2020-9910
17 Jul 2020 — Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Se abordaron múltiples problemas con una lógica mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, tvOS versión 13.4.8, watchOS versión 6.2.8, Safar... • https://support.apple.com/HT211288 •