CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-9999 – Apple macOS CoreText MorxLigatureSubtableBuilder TTF Parsing Out-of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9999
08 Dec 2020 — An attacker can leverage this vulnerability to execute code in the context of the current process. macOS Big Sur 11.0.1 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, path sanitization, spoofing, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-27931 – Apple macOS libFontParser TwOFFStream TTF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-27931
08 Dec 2020 — An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT211843 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27751 – Ubuntu Security Notice USN-4988-1
https://notcve.org/view.php?id=CVE-2020-27751
08 Dec 2020 — A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontr... • https://bugzilla.redhat.com/show_bug.cgi?id=1891994 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27758
https://notcve.org/view.php?id=CVE-2020-27758
08 Dec 2020 — A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. Se encontró uno fallo en ImageMagick en el archivo coders/txt.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1894236 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25676 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-25676
08 Dec 2020 — These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. • https://bugzilla.redhat.com/show_bug.cgi?id=1891934 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2020-27897 – Apple macOS Kernel Command 0x10007 Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-27897
08 Dec 2020 — An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT211931 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25675
https://notcve.org/view.php?id=CVE-2020-25675
08 Dec 2020 — In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. • https://bugzilla.redhat.com/show_bug.cgi?id=1891933 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8563 – Secret leaks in logs for vSphere Provider kube-controller-manager
https://notcve.org/view.php?id=CVE-2020-8563
07 Dec 2020 — Issues addressed include bypass, denial of service, integer overflow, man-in-the-middle, and memory leak vulnerabilities. • https://github.com/kubernetes/kubernetes/issues/95621 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8566 – Ceph RBD adminSecrets exposed in logs when loglevel >= 4
https://notcve.org/view.php?id=CVE-2020-8566
07 Dec 2020 — Issues addressed include bypass, denial of service, integer overflow, man-in-the-middle, and memory leak vulnerabilities. • https://github.com/kubernetes/kubernetes/issues/95624 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-28935 – Local symlink attack in Unbound and NSD
https://notcve.org/view.php?id=CVE-2020-28935
07 Dec 2020 — Issues addressed include denial of service and integer overflow vulnerabilities. • https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •