CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9790
https://notcve.org/view.php?id=CVE-2020-9790
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en iOS versión 13.5 y iPadOS versión 13.5, macOS Catalina versión 10.15.5, tvOS versión 13.4.5, watchOS versión 6.2.5, iTunes versión 12.10.7 para Windows, iCloud para Windows versión 11.2, iCloud para Windows versión 7.19. • https://support.apple.com/HT211168 https://support.apple.com/HT211170 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9794
https://notcve.org/view.php?id=CVE-2020-9794
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en iOS versión 13.5 y iPadOS versión 13.5, macOS Catalina versión 10.15.5, tvOS versión 13.4.5, watchOS versión 6.2.5, iTunes versión 12.10.7 para Windows, iCloud para Windows versión 11.2, iCloud para Windows versión 7.19. • https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://support.apple.com/HT211168 https://support.apple.com/HT211170 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20807 – vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode
https://notcve.org/view.php?id=CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html http://seclists.org/fulldisclosure/2020/Jul/24 https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 https://github.com/vim/vim/releases/tag/v8.1.0881 https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4582-1 https://www.starwindsoftware.com/security/sw-20220812-0003 https://access.redhat.com/security/cve/CVE-2019&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-9839 – Apple macOS cfprefsd Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-9839
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. Se abordó una condición de carrera con un manejo del estado mejorado. Este problema es corregido en iOS versión 13.5 y iPadOS versión 13.5, macOS Catalina versión 10.15.5, tvOS versión 13.4.5, watchOS versión 6.2.5. • https://support.apple.com/HT211168 https://support.apple.com/HT211170 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://github.com/sslab-gatech/pwn2own2020 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/osx/local/cfprefsd_race_condition.rb • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 13%CPEs: 27EXPL: 1CVE-2020-9856 – Apple macOS Core Virtual Machine Service Heap-based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-9856
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges. Este problema se abordó con comprobaciones mejoradas. Este problema es corregido en macOS Catalina versión 10.15.5. • https://support.apple.com/HT211170 https://github.com/sslab-gatech/pwn2own2020 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/osx/browser/safari_in_operator_side_effect.rb •