CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 1CVE-2020-27950 – Apple Multiple Products Memory Initialization Vulnerability
https://notcve.org/view.php?id=CVE-2020-27950
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory. Se abordó un problema de inicialización de la memoria. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 12.4.9, watchOS versión 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS versión 14.2 y iPadOS versión 14.2, watchOS versión 5.3.9, macOS Catalina versión 10.15.7 Supplemental Update, macOS Catalina versión 10.15.7 Update. • https://github.com/synacktiv/CVE-2020-27950 http://packetstormsecurity.com/files/161296/XNU-Kernel-Mach-Message-Trailers-Memory-Disclosure.html http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211928 https://support.apple.com/en-us/HT211929 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT211940 https://support.apple.com/en-us/HT211944 https://support.apple.com/en-us/HT211945 https://support.apple.com/en-us/HT211946 • CWE-665: Improper Initialization •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8796
https://notcve.org/view.php?id=CVE-2019-8796
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode. Se abordó un problema lógico con una comprobación mejorada. Este problema se corrigió en macOS Catalina versión 10.15.1, Security Update 2019-001 y Security Update 2019-006, iOS versión 12.4.3, watchOS versión 6.1, iOS versión 13.2 y iPadOS versión 13.2. • https://support.apple.com/en-us/HT210721 https://support.apple.com/en-us/HT210722 https://support.apple.com/en-us/HT210724 https://support.apple.com/en-us/HT211134 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8531
https://notcve.org/view.php?id=CVE-2019-8531
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted. Se presentó un problema de comprobación en Trust Anchor Management. • https://support.apple.com/en-us/HT209599 https://support.apple.com/en-us/HT209600 https://support.apple.com/en-us/HT209602 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-9932
https://notcve.org/view.php?id=CVE-2020-9932
A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con comprobaciones mejoradas. Este problema se corrigió en Safari versión 13.0.1, iOS versión 13.1 y iPadOS versión 13.1, tvOS versión 13. • https://support.apple.com/en-us/HT210603 https://support.apple.com/en-us/HT210604 https://support.apple.com/en-us/HT210605 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3880
https://notcve.org/view.php?id=CVE-2020-3880
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema se corrigió en watchOS versión 6.1.2, iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS versión 13.3.1, macOS Catalina versión 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. • https://support.apple.com/en-us/HT210918 https://support.apple.com/en-us/HT210919 https://support.apple.com/en-us/HT210920 https://support.apple.com/en-us/HT210921 • CWE-125: Out-of-bounds Read •