CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9862 – webkitgtk: Command injection in web inspector
https://notcve.org/view.php?id=CVE-2020-9862
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. Se presentó un problema de inyección de comandos en Web Inspector. • https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 https://access.redhat.com/security/cve/CVE-2020-9862 https://bugzilla.redhat.com/show_bug.cgi?id=1879532 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-9893 – Apple Safari RenderWidget Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9893
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, tvOS versión 13.4.8, watchOS versión 6.2.8, Safari versión 13.1.2, iTunes versión 12.10.8 para Windows, iCloud para Windows versión 11.3, iCloud para Windows versión 7.20. • https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 https://access.redhat.com/security/cve/CVE-2020-9893 https://bugzilla.redhat.com/show_bug.cgi?id=1879535 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9894 – Apple Safari getAnimations Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-9894
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, tvOS versión 13.4.8, watchOS versión 6.2.8, Safari versión 13.1.2, iTunes versión 12.10.8 para Windows, iCloud para Windows versión 11.3, iCloud para Windows versión 7.20. • https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 https://access.redhat.com/security/cve/CVE-2020-9894 https://bugzilla.redhat.com/show_bug.cgi?id=1879536 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2020-9895 – webkitgtk: Use-after-free may lead to application termination or arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-9895
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, tvOS versión 13.4.8, watchOS versión 6.2.8, Safari versión 13.1.2, iTunes versión 12.10.8 para Windows, iCloud para Windows versión 11.3, iCloud para Windows versión 7.20. • https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 https://access.redhat.com/security/cve/CVE-2020-9895 https://bugzilla.redhat.com/show_bug.cgi?id=1879538 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9915 – webkitgtk: Access issue in content security policy
https://notcve.org/view.php?id=CVE-2020-9915
An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se presentó un problema de acceso en la Política de Seguridad de Contenido. • https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 https://access.redhat.com/security/cve/CVE-2020-9915 https://bugzilla.redhat.com/show_bug.cgi?id=1879540 • CWE-284: Improper Access Control •