CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9891
https://notcve.org/view.php?id=CVE-2020-9891
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, macOS Catalina versión 10.15.6, tvOS versión 13.4.8, watchOS versión 6.2.8. • https://support.apple.com/HT211288 https://support.apple.com/HT211289 https://support.apple.com/HT211290 https://support.apple.com/HT211291 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9910
https://notcve.org/view.php?id=CVE-2020-9910
Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Se abordaron múltiples problemas con una lógica mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, tvOS versión 13.4.8, watchOS versión 6.2.8, Safari versión 13.1.2, iTunes versión 12.10.8 para Windows, iCloud para Windows versión 11.3, iCloud para Windows versión 7.20. • https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9923
https://notcve.org/view.php?id=CVE-2020-9923
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. Se abordó un problema de corrupción de la memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, watchOS 6.2.8. • https://support.apple.com/HT211288 https://support.apple.com/HT211291 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9885
https://notcve.org/view.php?id=CVE-2020-9885
An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. Se presentó un problema en el manejo de tapbacks de iMessage. • https://support.apple.com/HT211288 https://support.apple.com/HT211289 https://support.apple.com/HT211290 https://support.apple.com/HT211291 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9925 – webkitgtk: A logic issue may lead to cross site scripting
https://notcve.org/view.php?id=CVE-2020-9925
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, tvOS versión 13.4.8, watchOS versión 6.2.8, Safari versión 13.1.2, iTunes versión 12.10.8 para Windows, iCloud para Windows versión 11.3, iCloud para Windows versión 7.20. • https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 https://access.redhat.com/security/cve/CVE-2020-9925 https://bugzilla.redhat.com/show_bug.cgi?id=1879541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •