CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9776 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-9776
25 Mar 2020 — This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history. Este problema se abordó con un nuevo derecho. Este problema es corregido en macOS Catalina versión 10.15.4. • https://support.apple.com/HT211100 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3883 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3883
25 Mar 2020 — This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements. Este problema se abordó con comprobaciones mejoradas. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, macOS Catalina versión 10.15.4, tvOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211100 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3892 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-3892
25 Mar 2020 — A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de la memoria con una comprobación de entrada mejorada. Este problema es corregido en macOS Catalina versión 10.15.4. • https://support.apple.com/HT211100 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3881 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-3881
25 Mar 2020 — A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information. Se abordó un problema lógico con una gestión de estado mejorada. Este problema es corregido en macOS Catalina versión 10.15.4. • https://support.apple.com/HT211100 •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3919 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3919
25 Mar 2020 — A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de inicialización de memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, macOS Catalina versión 10.15.4, tvOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211100 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3914 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3914
25 Mar 2020 — A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory. Se abordó un problema de inicialización de memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, macOS Catalina versión 10.15.4, tvOS versión 13.4, watchOS versión 6.2. • https://support.apple.com/HT211100 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2020-3909 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3909
25 Mar 2020 — A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. Se abordó un desbordamiento del búfer con una comprobación de límites mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, macOS Catalina versión 10.15.4, tvOS versión 13.4, watchOS versión 6.2, iTunes para Windows ve... • https://support.apple.com/HT211100 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option
https://notcve.org/view.php?id=CVE-2019-20044
24 Feb 2020 — In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opción --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegio... • http://seclists.org/fulldisclosure/2020/May/49 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4606
https://notcve.org/view.php?id=CVE-2016-4606
21 Feb 2020 — Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Curl versiones anteriores a 7.49.1, en Apple OS X macOS Sierra versiones anteriores a 10.12, permite a atacantes remotos o locales ejecutar código arbitrario, conseguir información confidencial, causar condición de denegación... • http://www.securityfocus.com/bid/93055 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5366
https://notcve.org/view.php?id=CVE-2012-5366
20 Feb 2020 — The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. La implementación de IPv6 en Apple Mac OS X (versiones desconocidas, año 2012 y anteriores), permite a atacantes remotos causar una denegación de servicio por medio de una avalancha de paquetes ICMPv6 Router Advertisement, que contienen múltiples entradas de Enrutamiento. • http://www.openwall.com/lists/oss-security/2012/10/10/12 • CWE-400: Uncontrolled Resource Consumption •