CVE-2020-3980
https://notcve.org/view.php?id=CVE-2020-3980
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed. • https://www.vmware.com/security/advisories/VMSA-2020-0020.html •
CVE-2020-9887 – Apple macOS AppleVPA JPEG Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9887
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. • https://support.apple.com/kb/HT211289 • CWE-787: Out-of-bounds Write •
CVE-2020-6574 – chromium-browser: Insufficient policy enforcement in installer
https://notcve.org/view.php?id=CVE-2020-6574
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html https://crbug.com/1102196 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKB •
CVE-2020-9908 – Apple macOS Intel Graphics Driver Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-9908
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory. • https://support.apple.com/kb/HT211289 • CWE-125: Out-of-bounds Read •
CVE-2020-9939 – Apple macOS kextload Time-Of-Check Time-Of-Use Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-9939
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions. • https://support.apple.com/kb/HT211289 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •