CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-9960 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-9960
16 Dec 2020 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de la entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.0.1, tvOS versión 14.0, macOS Big S... • https://support.apple.com/en-us/HT211843 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-9962 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-9962
16 Dec 2020 — A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó un desbordamiento del búfer con una comprobación mejorada del tamaño. Este problema es corregido en macOS Big Sur versión 11.0.1, tvOS versión 14.0, macOS Big Sur versión 11.... • https://support.apple.com/en-us/HT211843 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 0%CPEs: 20EXPL: 1CVE-2020-9967 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-9967
16 Dec 2020 — Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Se abordaron múltiples problemas de corrupción de la memoria con una comprobación de la entrada mejorada. Este problema es corregido en macOS Big Su... • https://packetstorm.news/files/id/163501 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9971 – Apple Security Advisory 2020-12-14-4
https://notcve.org/view.php?id=CVE-2020-9971
16 Dec 2020 — A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges. Se abordó un problema de lógica con una comprobación mejorada. Este problema es corregido en watchOS versión 7.0, tvOS versión 14.0, iOS versión 14.0 y iPadOS versión 14.0, macOS Big Sur versión 11.0.1. • https://support.apple.com/en-us/HT211843 •
CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2020-9975 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-9975
16 Dec 2020 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema es corregido en macOS Big Sur versión 11.0.1, tvOS v... • https://support.apple.com/en-us/HT211843 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 62EXPL: 1CVE-2020-8285 – curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used
https://notcve.org/view.php?id=CVE-2020-8285
09 Dec 2020 — curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. curl versiones 7.21.0 hasta 7.73.0 e incluyéndola, es vulnerable a una recursividad no controlada debido a un problema de desbordamiento de la pila en el análisis de coincidencias del comodín FTP Libcurl offers a wildcard matching functionality, which allows a callback (set with `CURLOPT_CHUNK_BGN_FUNCTION`) to return information back to libcurl on how to handle a specific... • http://seclists.org/fulldisclosure/2021/Apr/51 • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27907 – Apple macOS process_token_GenerateMipmaps Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-27907
09 Dec 2020 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de lógica con unas restricciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur versión 11.0.1. • https://support.apple.com/en-us/HT211931 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0CVE-2020-8284 – curl: FTP PASV command response can cause curl to connect to arbitrary host
https://notcve.org/view.php?id=CVE-2020-8284
09 Dec 2020 — A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. Un servidor malicioso puede usar la respuesta FTP PASV para engañar a curl versiones 7.73.0 y anteriores, para que se conecte de nuevo a una dirección IP y puerto determinados, y de esta manera pot... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 1CVE-2020-8286 – curl: Inferior OCSP verification
https://notcve.org/view.php?id=CVE-2020-8286
09 Dec 2020 — curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl versiones 7.41.0 hasta 7.73.0, es vulnerable a una comprobación inapropiada para la revocación del certificado debido a una verificación insuficiente de la respuesta OCSP Libcurl offers "OCSP stapling" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts th... • http://seclists.org/fulldisclosure/2021/Apr/50 • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 0%CPEs: 16EXPL: 0CVE-2020-10015 – Apple macOS process_token_BlitLibSetup3D Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-10015
09 Dec 2020 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, mac... • https://support.apple.com/en-us/HT211931 • CWE-787: Out-of-bounds Write •