CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-36226 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36226
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando un cálculo inapropiado de memch-)bv_len y un bloqueo de slapd en el procesamiento de saslAuthzTo, resultando en una denegación de servicio Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unaut... • http://seclists.org/fulldisclosure/2021/May/64 •
CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 0CVE-2020-36228 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36228
25 Jan 2021 — An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. Se detectó un subdesbordamiento de enteros en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el procesamiento de Certificate List Exact Assertion, resultando en una denegación de servicio It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly ... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 6%CPEs: 22EXPL: 0CVE-2020-36229 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36229
25 Jan 2021 — A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. Se detectó un fallo en ldap_X509dn2bv en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el análisis del DN X.509 en ad_keystring, resultando en una denegación de servicio It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause ... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 2%CPEs: 23EXPL: 0CVE-2020-36230 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36230
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando en un fallo de aserción en slapd en el análisis de DN X.509 en ber_next_element del archivo decode.c, resultando en una denegación de servicio Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 11%CPEs: 4EXPL: 0CVE-2020-36227 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36227
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando a un bucle infinito en slapd con la operación Cancel de cancel_extop, resultando en una denegación de servicio It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, r... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-36223 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36223
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el manejo del control de Values Return Filter, resultando en una denegación de servicio (doble liberación y lectura fuera de límites) It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. ... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-125: Out-of-bounds Read CWE-415: Double Free •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2020-27947 – Apple macOS process_token_AVCDecode Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-27947
16 Dec 2020 — A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con una comprobación de la entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. • https://support.apple.com/en-us/HT212011 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27899 – Apple Security Advisory 2020-12-14-4
https://notcve.org/view.php?id=CVE-2020-27899
16 Dec 2020 — A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema es corregido en iOS versión 14.2 y iPadOS versión 14.2, macOS Big Sur versión 11.0.1, watchOS versión 7.1, tvOS versión 14.2. • https://support.apple.com/en-us/HT211928 • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27901 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-27901
16 Dec 2020 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. Se abordó un problema de lógica con unas restricciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur versión 11.0.1. • https://support.apple.com/en-us/HT211931 • CWE-863: Incorrect Authorization •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2020-29612 – Apple macOS patch_encoding_common Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-29612
16 Dec 2020 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. • https://support.apple.com/en-us/HT212011 • CWE-787: Out-of-bounds Write •