CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3916
https://notcve.org/view.php?id=CVE-2020-3916
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos. Se abordó un problema de acceso con restricciones de sandbox adicionales. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211102 https://support.apple.com/HT211103 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9773
https://notcve.org/view.php?id=CVE-2020-9773
The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed. Se abordó el problema con un manejo mejorado de las cachés de iconos. Este problema es corregido en iOS versión 14.0 y iPadOS versión 14.0. • http://seclists.org/fulldisclosure/2020/Nov/20 https://support.apple.com/HT211850 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-3902 – webkitgtk: Input validation issue leading to cross-site script attack
https://notcve.org/view.php?id=CVE-2020-3902
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. Se abordó un problema de comprobación de entrada con una validación de entrada mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. • https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211104 https://support.apple.com/HT211105 https://support.apple.com/HT211106 https://support.apple.com/HT211107 https://access.redhat.com/security/cve/CVE-2020-3902 https://bugzilla.redhat.com/show_bug.cgi?id=1876476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 2%CPEs: 8EXPL: 0CVE-2020-3897 – Apple Safari Object Transition Cache Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3897
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. Se abordó un problema de confusión de tipos con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6.2, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. • https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211103 https://support.apple.com/HT211104 https://support.apple.com/HT211105 https://support.apple.com/HT211106 https://support.apple.com/HT211107 https://access.redhat.com/security/cve/CVE-2020-3897 https://bugzilla.redhat.com/show_bug.cgi?id=1876468 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2020-3901 – webkitgtk: Type confusion leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-3901
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de confusión de tipos con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6.2, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. • https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211103 https://support.apple.com/HT211104 https://support.apple.com/HT211105 https://support.apple.com/HT211106 https://support.apple.com/HT211107 https://access.redhat.com/security/cve/CVE-2020-3901 https://bugzilla.redhat.com/show_bug.cgi?id=1876473 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •