CVSS: 3.1EPSS: 0%CPEs: 15EXPL: 1CVE-2019-15126 – Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
https://notcve.org/view.php?id=CVE-2019-15126
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. Se detectó un problema en los dispositivos cliente de Broadcom Wi-Fi. Específicamente un tráfico diseñado minuciosamente y sincronizado puede causar errores internos (relacionados con las transiciones de estado) en un dispositivo WLAN que conllevan a un cifrado de Wi-Fi de Capa 2 inapropiado con una consiguiente posibilidad de divulgación de información por medio del aire para un conjunto de tráfico discreto, una vulnerabilidad diferente de CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 y CVE-2019-9503. • https://www.exploit-db.com/exploits/48233 http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001 https:&# • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-3826 – macOS/iOS ImageIO DDS Image Out-Of-Bounds Read
https://notcve.org/view.php?id=CVE-2020-3826
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, macOS Catalina versión 10.15.3, tvOS versión 13.3.1, watchOS versión 6.1.2, iTunes para Windows 12.10.4, iCloud para Windows 11.0, iCloud para Windows 7.17. • https://support.apple.com/HT210947 https://support.apple.com/HT210948 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3827 – macOS ImageIO JPEG Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2020-3827
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con una comprobación de entrada mejorada. Este problema es corregido en macOS Catalina versión 10.15.3. • https://support.apple.com/HT210919 • CWE-787: Out-of-bounds Write •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3830
https://notcve.org/view.php?id=CVE-2020-3830
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files. Se presentó un problema de comprobación en el manejo de enlaces simbólicos. • https://support.apple.com/HT210919 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3835
https://notcve.org/view.php?id=CVE-2020-3835
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files. Se presentó un problema de comprobación en el manejo de enlaces simbólicos. • https://support.apple.com/HT210919 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •