CVE-2019-15126 – Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
https://notcve.org/view.php?id=CVE-2019-15126
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. Se detectó un problema en los dispositivos cliente de Broadcom Wi-Fi. Específicamente un tráfico diseñado minuciosamente y sincronizado puede causar errores internos (relacionados con las transiciones de estado) en un dispositivo WLAN que conllevan a un cifrado de Wi-Fi de Capa 2 inapropiado con una consiguiente posibilidad de divulgación de información por medio del aire para un conjunto de tráfico discreto, una vulnerabilidad diferente de CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 y CVE-2019-9503. • https://www.exploit-db.com/exploits/48233 http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001 https: • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2020-3847
https://notcve.org/view.php?id=CVE-2020-3847
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en macOS Catalina versión 10.15.3. • https://support.apple.com/HT210919 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2020-3871
https://notcve.org/view.php?id=CVE-2020-3871
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en macOS Catalina versión 10.15.3. • https://support.apple.com/HT210919 • CWE-787: Out-of-bounds Write •
CVE-2020-3850
https://notcve.org/view.php?id=CVE-2020-3850
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un problema de corrupción de la memoria con una comprobación de entrada mejorada. Este problema es corregido en macOS Catalina versión 10.15.3. • https://support.apple.com/HT210919 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVE-2020-3854
https://notcve.org/view.php?id=CVE-2020-3854
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges. Se abordó un problema de corrupción de memoria con un manejo de la memoria mejorado. Este problema es corregido en macOS Catalina versión 10.15.3. • https://support.apple.com/HT210919 • CWE-787: Out-of-bounds Write •