CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27914
https://notcve.org/view.php?id=CVE-2020-27914
16 Dec 2020 — A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. Se abordó un problema de corrupción de memoria con una comprobación de la entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave... • https://support.apple.com/en-us/HT211931 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 62EXPL: 1CVE-2020-8285 – curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used
https://notcve.org/view.php?id=CVE-2020-8285
09 Dec 2020 — curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. curl versiones 7.21.0 hasta 7.73.0 e incluyéndola, es vulnerable a una recursividad no controlada debido a un problema de desbordamiento de la pila en el análisis de coincidencias del comodín FTP Libcurl offers a wildcard matching functionality, which allows a callback (set with `CURLOPT_CHUNK_BGN_FUNCTION`) to return information back to libcurl on how to handle a specific... • http://seclists.org/fulldisclosure/2021/Apr/51 • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 1CVE-2020-8286 – curl: Inferior OCSP verification
https://notcve.org/view.php?id=CVE-2020-8286
09 Dec 2020 — curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl versiones 7.41.0 hasta 7.73.0, es vulnerable a una comprobación inapropiada para la revocación del certificado debido a una verificación insuficiente de la respuesta OCSP Libcurl offers "OCSP stapling" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts th... • http://seclists.org/fulldisclosure/2021/Apr/50 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2020-10009
https://notcve.org/view.php?id=CVE-2020-10009
08 Dec 2020 — A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1. • http://seclists.org/fulldisclosure/2020/Dec/26 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10006
https://notcve.org/view.php?id=CVE-2020-10006
08 Dec 2020 — This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files. Este problema es abordado con unos derechos mejorados. Este problema se corrigió en macOS Big Sur versión 11.0.1. • http://seclists.org/fulldisclosure/2020/Dec/32 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9988
https://notcve.org/view.php?id=CVE-2020-9988
08 Dec 2020 — The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages. Se abordó un problema con una eliminación mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, iOS versión 14.0 y iPadOS versión 14.0. • http://seclists.org/fulldisclosure/2020/Dec/32 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9977
https://notcve.org/view.php?id=CVE-2020-9977
08 Dec 2020 — A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari. Se presentó un problema de comprobación en la verificación de derechos. • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9945
https://notcve.org/view.php?id=CVE-2020-9945
08 Dec 2020 — A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. Se presentaba un problema de "spoofing" en el manejo de las URL. • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9922
https://notcve.org/view.php?id=CVE-2020-9922
08 Dec 2020 — A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Catalina versión 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. • https://github.com/Wowfunhappy/Fix-Apple-Mail-CVE-2020-9922 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9942
https://notcve.org/view.php?id=CVE-2020-9942
08 Dec 2020 — An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. Se abordó un problema de inconsistencia de la interfaz de usuario con una administración de estado mejorada. Este problema se corrigió en MacOS Big Sur versión 11.0.1, Safari versión 13.1.2. • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •