CVE-2020-3888
https://notcve.org/view.php?id=CVE-2020-3888
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts. Se abordó un problema lógico con restricciones mejoradas. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4. • https://support.apple.com/HT211102 •
CVE-2020-3914
https://notcve.org/view.php?id=CVE-2020-3914
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory. Se abordó un problema de inicialización de memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, macOS Catalina versión 10.15.4, tvOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211100 https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211103 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-3895 – webkitgtk: Memory corruption triggered by a malicious web content
https://notcve.org/view.php?id=CVE-2020-3895
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, watchOS versión 6.2, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. • https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211103 https://support.apple.com/HT211104 https://support.apple.com/HT211105 https://support.apple.com/HT211106 https://support.apple.com/HT211107 https://access.redhat.com/security/cve/CVE-2020-3895 https://bugzilla.redhat.com/show_bug.cgi?id=1876465 • CWE-787: Out-of-bounds Write •
CVE-2020-9777
https://notcve.org/view.php?id=CVE-2020-9777
An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail. Existía un problema en la selección del archivo de video mediante Mail. • https://support.apple.com/HT211102 •
CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option
https://notcve.org/view.php?id=CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opción --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegios originales pueden ser restaurados mediante una ejecución de zmodload de MODULE_PATH=/dir/with/module con un módulo que llama a la función setuid(). A flaw was found in zsh. • http://seclists.org/fulldisclosure/2020/May/49 http://seclists.org/fulldisclosure/2020/May/53 http://seclists.org/fulldisclosure/2020/May/55 http://seclists.org/fulldisclosure/2020/May/59 http://zsh.sourceforge.net/releases.html https://github.com/XMB5/zsh-privileged-upgrade https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproje • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •