CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10017 – Apple macOS AudioCodecs AAC Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10017
09 Nov 2020 — An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution. Se abordó una escritura fuera de límites con una comprobación de entrada mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, iOS versión 14.2 y iPadOS versión 14.2, tvOS versión 14.2, watchOS versión 7.1. • http://seclists.org/fulldisclosure/2020/Dec/26 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-10010
https://notcve.org/view.php?id=CVE-2020-10010
09 Nov 2020 — A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. Se abordó un problema de manejo de rutas con una comprobación mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, iOS versión 14.2 y iPadOS versión 14.2, tvOS versión 14.2, watchOS versión 7.1. • http://seclists.org/fulldisclosure/2020/Dec/26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-10002
https://notcve.org/view.php?id=CVE-2020-10002
09 Nov 2020 — A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 14.2 y iPadOS versión 14.2, iCloud para Windows 11.5, tvOS versión 14.2, iTunes 12.11 p... • http://seclists.org/fulldisclosure/2020/Dec/26 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10003
https://notcve.org/view.php?id=CVE-2020-10003
09 Nov 2020 — An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. Se presentó un problema dentro de la lógica de comprobación de ruta para enlaces simbólicos. • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2020-27930 – Apple Multiple Products Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-27930
09 Nov 2020 — A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria con una comprobación de entrada mejorada.&... • https://github.com/FunPhishing/Apple-Safari-Remote-Code-Execution-CVE-2020-27930 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2020-10011
https://notcve.org/view.php?id=CVE-2020-10011
09 Nov 2020 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema se corrigió en iOS versión 14.2 y iPadOS versión 14.2, macOS Catalina versión 10.15... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0CVE-2020-27932 – Apple Multiple Products Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-27932
09 Nov 2020 — A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de confusión de tipos con un manejo de estado mejorado. Este... • http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9974
https://notcve.org/view.php?id=CVE-2020-9974
09 Nov 2020 — A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, iOS versión 14.2 y iPadOS versión 14.2, tvOS versión 14.2, watchOS versión 7.1. • http://seclists.org/fulldisclosure/2020/Dec/26 •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-8037 – ppp decapsulator can be convinced to allocate a large amount of memory
https://notcve.org/view.php?id=CVE-2020-8037
04 Nov 2020 — The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. El ppp decapsulator en tcpdump versión 4.9.3 puede ser convencido para que asigne una gran cantidad de memoria A flaw was found in tcpdump while printing PPP packets captured in a pcap file or coming from the network. This flaw allows a remote attacker to send specially crafted packets that, when printed, can lead the application to allocate a large amount of memory, resulting in a denial of service. The highest thr... • http://seclists.org/fulldisclosure/2021/Apr/51 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8796
https://notcve.org/view.php?id=CVE-2019-8796
27 Oct 2020 — A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode. Se abordó un problema lógico con una comprobación mejorada. Este problema se corrigió en macOS Catalina versión 10.15.1, Security Update 2019-001 y Security Update 2019-006, iOS versión 12.4.3, watchOS versión 6.1, iOS versión 1... • https://support.apple.com/en-us/HT210721 •