CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2020-3899 – webkitgtk: Memory consumption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-3899
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. Se abordó un problema de consumo de memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6.2 Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. • https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211104 https://support.apple.com/HT211105 https://support.apple.com/HT211106 https://support.apple.com/HT211107 https://access.redhat.com/security/cve/CVE-2020-3899 https://bugzilla.redhat.com/show_bug.cgi?id=1876470 •
CVSS: 2.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3891
https://notcve.org/view.php?id=CVE-2020-3891
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled. Se abordó un problema lógico con una gestión de estado mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211102 https://support.apple.com/HT211103 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3917
https://notcve.org/view.php?id=CVE-2020-3917
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks. Este problema se abordó con un nuevo derecho. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211103 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9770
https://notcve.org/view.php?id=CVE-2020-9770
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic. Se abordó un problema lógico con una gestión de estado mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4. • https://support.apple.com/HT211102 •
CVSS: 3.1EPSS: 1%CPEs: 6EXPL: 0CVE-2020-3894 – webkitgtk: Race condition allows reading of restricted memory
https://notcve.org/view.php?id=CVE-2020-3894
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. Se abordó una condición de carrera con una comprobación adicional. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. • https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211104 https://support.apple.com/HT211105 https://support.apple.com/HT211106 https://support.apple.com/HT211107 https://access.redhat.com/security/cve/CVE-2020-3894 https://bugzilla.redhat.com/show_bug.cgi?id=1876463 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •