
CVE-2020-3903 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-3903
25 Mar 2020 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges. • https://support.apple.com/HT211100 • CWE-787: Out-of-bounds Write

CVE-2020-3884 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-3884
25 Mar 2020 — An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution. • https://support.apple.com/HT211100 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2020-3906 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-3906
25 Mar 2020 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement. • https://support.apple.com/HT211100

CVE-2020-3913 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3913
25 Mar 2020 — A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges. • https://support.apple.com/HT211100

CVE-2020-3892 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-3892
25 Mar 2020 — A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/HT211100 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write

CVE-2020-3881 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-3881
25 Mar 2020 — A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information. • https://support.apple.com/HT211100

CVE-2020-3904 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-3904
25 Mar 2020 — Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/HT211100 • CWE-787: Out-of-bounds Write

CVE-2020-9769 – Apple Security Advisory 2020-03-24-2
https://notcve.org/view.php?id=CVE-2020-9769
25 Mar 2020 — Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim. • https://support.apple.com/HT211100

CVE-2020-3883 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3883
25 Mar 2020 — This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements. • https://support.apple.com/HT211100

CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option
https://notcve.org/view.php?id=CVE-2019-20044
24 Feb 2020 — In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). • http://seclists.org/fulldisclosure/2020/May/49 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges