NotCVE - vendor:"Apple" product:"Iphone Os" version:"

Page 120 of 3279 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0

CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option

https://notcve.org/view.php?id=CVE-2019-20044

24 Feb 2020 — In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opción --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegio... • http://seclists.org/fulldisclosure/2020/May/49 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2020-3864 – webkitgtk: Non-unique security origin for DOM object contexts

https://notcve.org/view.php?id=CVE-2020-3864

17 Feb 2020 — A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. Se abordó un problema lógico con una comprobación mejorada. Este problema se corrigió en iCloud para Windows versión 7.17, iTunes versión 12.10.4 para Windows, iCloud para Windows versión 10.9.2, tvOS versión 13.3.1, Safari vers... • https://support.apple.com/en-us/HT210918 • CWE-346: Origin Validation Error •

CVSS: 3.1EPSS: 0%CPEs: 15EXPL: 4

CVE-2019-15126 – Broadcom Wi-Fi Devices - 'KR00K Information Disclosure

https://notcve.org/view.php?id=CVE-2019-15126

05 Feb 2020 — An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. Se detectó un problema en los dispositivos cliente de Broadcom Wi-Fi. Específicamente un tráfic... • https://www.exploit-db.com/exploits/48233 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-3825

https://notcve.org/view.php?id=CVE-2020-3825

30 Jan 2020 — Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS 13.3.1, Safari versi... • https://support.apple.com/HT210947 • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-3862 – webkitgtk: Denial of service via incorrect memory handling

https://notcve.org/view.php?id=CVE-2020-3862

30 Jan 2020 — A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. Se abordó un problema de denegación de servicio con un manejo de memoria mejorado. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS versión 13.3.1, Safari versión 13.0.5, iTunes para Windows... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-3865 – webkitgtk: Incorrect security check for a top-level DOM object context

https://notcve.org/view.php?id=CVE-2020-3865

30 Jan 2020 — Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS versión 13.3.1, Safa... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html • CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-3867 – webkitgtk: Incorrect state management leading to universal cross-site scripting

https://notcve.org/view.php?id=CVE-2020-3867

30 Jan 2020 — A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS versión 13.3.1, Safari versión 13.0.5, iTunes para Wind... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-3828

https://notcve.org/view.php?id=CVE-2020-3828

29 Jan 2020 — A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. Un problema de la pantalla de bloqueo permitió el acceso a los contactos sobre un dispositivo bloqueado. • https://support.apple.com/HT210918 •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-3873

https://notcve.org/view.php?id=CVE-2020-3873

29 Jan 2020 — This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews. Este problema se abordó con una propagación de la configuración mejorada. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1. • https://support.apple.com/HT210918 •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-3858

https://notcve.org/view.php?id=CVE-2020-3858

29 Jan 2020 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1. • https://support.apple.com/HT210918 • CWE-787: Out-of-bounds Write •

1...118 119 120 121 122