CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9965
https://notcve.org/view.php?id=CVE-2020-9965
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.0, tvOS versión 14.0, iOS versión 14.0 y iPadOS versión 14.0. • http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211843 https://support.apple.com/en-us/HT211844 https://support.apple.com/en-us/HT211850 https://support.apple.com/en-us/HT211931 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-6147
https://notcve.org/view.php?id=CVE-2020-6147
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. Se presenta una vulnerabilidad de desbordamiento de la pila en Pixar OpenUSD versión 20.05, cuando el software analiza secciones comprimidas en archivos binarios USD. Esta instancia se presenta en el desbordamiento de la pila de descompresión de la sección FIELDS de formato de archivo USDC • http://seclists.org/fulldisclosure/2020/Nov/20 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1094 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27929
https://notcve.org/view.php?id=CVE-2020-27929
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so. Se presentó un problema lógico en el manejo de las llamadas Group FaceTime. • https://support.apple.com/en-us/HT211940 •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-10010
https://notcve.org/view.php?id=CVE-2020-10010
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. Se abordó un problema de manejo de rutas con una comprobación mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, iOS versión 14.2 y iPadOS versión 14.2, tvOS versión 14.2, watchOS versión 7.1. • http://seclists.org/fulldisclosure/2020/Dec/26 http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211928 https://support.apple.com/en-us/HT211929 https://support.apple.com/en-us/HT211930 https://support.apple.com/en-us/HT211931 https://support.apple.com/kb/HT212011 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27925
https://notcve.org/view.php?id=CVE-2020-27925
An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call. Se presentó un problema en el manejo de las llamadas entrantes. • https://support.apple.com/en-us/HT211929 •