CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-9768 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-9768
25 Mar 2020 — A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges. Se abordó un problema de uso de la memoria previamente liberada con una administración de memoria mejorada . Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211101 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3916 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3916
25 Mar 2020 — An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos. Se abordó un problema de acceso con restricciones de sandbox adicionales. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211102 •
CVSS: 3.1EPSS: 1%CPEs: 6EXPL: 1CVE-2020-3894 – webkitgtk: Race condition allows reading of restricted memory
https://notcve.org/view.php?id=CVE-2020-3894
25 Mar 2020 — A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. Se abordó una condición de carrera con una comprobación adicional. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9... • https://packetstorm.news/files/id/157378 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3913 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3913
25 Mar 2020 — A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges. Existía un problema de permisos. • https://support.apple.com/HT211100 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3917 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3917
25 Mar 2020 — This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks. Este problema se abordó con un nuevo derecho. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211101 •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-3900 – webkitgtk: Memory corruption triggered by a malicious web content
https://notcve.org/view.php?id=CVE-2020-3900
25 Mar 2020 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6... • https://support.apple.com/HT211101 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2020-3901 – webkitgtk: Type confusion leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-3901
25 Mar 2020 — A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de confusión de tipos con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6.2, Safar... • https://support.apple.com/HT211101 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 2.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3891 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3891
25 Mar 2020 — A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled. Se abordó un problema lógico con una gestión de estado mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211102 •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option
https://notcve.org/view.php?id=CVE-2019-20044
24 Feb 2020 — In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opción --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegio... • http://seclists.org/fulldisclosure/2020/May/49 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3864 – webkitgtk: Non-unique security origin for DOM object contexts
https://notcve.org/view.php?id=CVE-2020-3864
17 Feb 2020 — A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. Se abordó un problema lógico con una comprobación mejorada. Este problema se corrigió en iCloud para Windows versión 7.17, iTunes versión 12.10.4 para Windows, iCloud para Windows versión 10.9.2, tvOS versión 13.3.1, Safari vers... • https://support.apple.com/en-us/HT210918 • CWE-346: Origin Validation Error •