CVSS: 6.3EPSS: 0%CPEs: 18EXPL: 0CVE-2020-10014 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-10014
08 Dec 2020 —  Es posible que una aplicación maliciosa salga de su zona de pruebas macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2020/Dec/26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2020-10012 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-10012
08 Dec 2020 —  El procesamiento de un documento diseñado maliciosamente puede conllevar a un ataque de tipo cross site scripting macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2020/Dec/26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2020-10009 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-10009
08 Dec 2020 —  Un proceso en sandbox puede omitir las restricciones del sandbox macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2020/Dec/26 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10006 – Apple Security Advisory 2020-12-14-4
https://notcve.org/view.php?id=CVE-2020-10006
08 Dec 2020 —  Una aplicación maliciosa puede acceder a archivos restringidos macOS Big Sur 11.0.1 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, path sanitization, spoofing, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2020/Dec/32 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9945 – Apple Security Advisory 2020-12-14-4
https://notcve.org/view.php?id=CVE-2020-9945
08 Dec 2020 — Visitando un sitio web malicioso puede conllevar a una barra de direcciones falsificada macOS Big Sur 11.0.1 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, path sanitization, spoofing, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9942 – Apple Security Advisory 2020-12-14-4
https://notcve.org/view.php?id=CVE-2020-9942
08 Dec 2020 — Visitando un sitio web malicioso puede conllevar a una suplantación de una barra de direcciones macOS Big Sur 11.0.1 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, path sanitization, spoofing, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27754 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27754
08 Dec 2020 — In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. En la función IntensityCompare() del archivo /magick/quantize.c, se pr... • https://bugzilla.redhat.com/show_bug.cgi?id=1894231 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25666
https://notcve.org/view.php?id=CVE-2020-25666
08 Dec 2020 — There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. • https://bugzilla.redhat.com/show_bug.cgi?id=1891612 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27757
https://notcve.org/view.php?id=CVE-2020-27757
08 Dec 2020 — A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick vers... • https://bugzilla.redhat.com/show_bug.cgi?id=1894234 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2020-27952 – Apple macOS libFontParser TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27952
08 Dec 2020 — An attacker can leverage this vulnerability to execute code in the context of the current process. macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT211931 • CWE-787: Out-of-bounds Write •