CVE-2020-9806: About the security content of Safari 13.1.1

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.


Released May 26, 2020

Safari

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: A malicious process may cause Safari to launch an application

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9801: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9805: an anonymous researcher

WebKit

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

WebKit

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9806: Wen Xu of SSLab at Georgia Tech

CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

WebKit

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

WebRTC

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An access issue was addressed with improved memory management.

CVE-2019-20503: natashenka of Google Project Zero
