CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9861
https://notcve.org/view.php?id=CVE-2020-9861
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input. Se presentó un problema de desbordamiento de pila en Swift para Linux. El problema se abordó con una comprobación de entrada mejorada para tratar entradas JSON maliciosas anidadas de forma profunda • https://forums.swift.org/t/swift-5-1-5-for-linux-jsonserialization-limit-recursion-when-parsing/34514 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8790
https://notcve.org/view.php?id=CVE-2019-8790
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. Este problema se abordó al actualizar la lógica de administración de descriptores de archivo URLSession incorrecta para que coincida con Swift versión 5.0. Este problema se corrigió en Swift versión 5.1.1 para Ubuntu. • https://support.apple.com/en-us/HT210647 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4220
https://notcve.org/view.php?id=CVE-2018-4220
An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading. Se ha descubierto un problema en algunos productos Apple. • http://www.securityfocus.com/bid/104085 https://support.apple.com/HT208804 • CWE-732: Incorrect Permission Assignment for Critical Resource •