Apple Issues Security Updates

Apple Issues Security Updates
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database CVE-2020-15481PUBLISHED: 2020-11-13

An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could ...

CVE-2020-28638PUBLISHED: 2020-11-13

ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key.

CVE-2020-5796PUBLISHED: 2020-11-13

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.

CVE-2020-6157PUBLISHED: 2020-11-13

Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitiv...

CVE-2020-12338PUBLISHED: 2020-11-13

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an ..