CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-27918 – webkitgtk: Use-after-free leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-27918
09 Nov 2020 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de la memoria previamente liberada, con una administración de la memoria mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-27911 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-27911
09 Nov 2020 — An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un desbordamiento de enteros con una comprobación de entrada mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 14.2 y iPadOS ve... • http://seclists.org/fulldisclosure/2020/Dec/26 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-27912 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-27912
09 Nov 2020 — An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó una escritura fuera de límites con una comprobación de entrada mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 14.2 y iPadOS versión 14.2, iCloud para ... • http://seclists.org/fulldisclosure/2020/Dec/26 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-10002 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-10002
09 Nov 2020 — A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 14.2 y iPadOS versión 14.2, iCloud para Windows 11.5, tvOS versión 14.2, iTunes 12.11 p... • http://seclists.org/fulldisclosure/2020/Dec/26 •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-27917 – Apple Security Advisory 2020-12-14-4
https://notcve.org/view.php?id=CVE-2020-27917
09 Nov 2020 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 14.2 y iPadOS ver... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 1CVE-2020-27932 – Apple Multiple Products Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-27932
09 Nov 2020 — A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de confusión de tipos con un manejo de estado mejorado. Este... • https://packetstorm.news/files/id/161295 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-8834
https://notcve.org/view.php?id=CVE-2019-8834
27 Oct 2020 — A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list. Se abordó un problema de confi... • https://support.apple.com/en-us/HT210785 •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-8827
https://notcve.org/view.php?id=CVE-2019-8827
27 Oct 2020 — The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. El encabezado referrer HTTP puede ser usado para filtrar el historial de navegación. • https://support.apple.com/en-us/HT210721 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2019-8762
https://notcve.org/view.php?id=CVE-2019-8762
27 Oct 2020 — A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema de comprobación con una lógica mejorada. Este problema se corrigió en Safari versión 13.0.1, iOS versión 13.1 y iPadOS versión 13.1, iCloud para Windows versión 10.7, tvOS versión 13, iCloud pa... • https://support.apple.com/en-us/HT210603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8638
https://notcve.org/view.php?id=CVE-2019-8638
27 Oct 2020 — Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó múltiples problemas de corrupción de la memoria con un manejo de la memoria mejorada. Este problema se corrigió en watchOS versión 5.2, iCloud para Windows versión 7.11, iOS versión 12.2, iTunes versión 12.9.4 para Windows, S... • https://support.apple.com/en-us/HT209599 • CWE-787: Out-of-bounds Write •