CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2020-27930 – Apple Multiple Products Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-27930
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria con una comprobación de entrada mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 12.4.9, watchOS versión 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS versión 14.2 y iPadOS versión 14.2, watchOS versión 5.3.9, macOS Catalina versión 10.15.7 Supplemental Update, macOS Catalina versión 10.15.7 Update. • https://github.com/FunPhishing/Apple-Safari-Remote-Code-Execution-CVE-2020-27930 http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211928 https://support.apple.com/en-us/HT211929 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT211940 https://support.apple.com/en-us/HT211944 https://support.apple.com/en-us/HT211945 https://support.apple. • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0CVE-2020-27932 – Apple Multiple Products Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-27932
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de confusión de tipos con un manejo de estado mejorado. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 12.4.9, watchOS versión 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS versión 14.2 y iPadOS versión 14.2, watchOS versión 5.3.9, macOS Catalina versión 10.15.7 Supplemental Update, macOS Catalina versión 10.15.7 Update. • http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.html http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211928 https://support.apple.com/en-us/HT211929 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT211940 https://support.apple.com/en-us/HT211944 https://support.apple.com/en-us/HT211945 https://support.apple.com/en-us/HT211946 https://support.apple.com/en-us/HT211947 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-8037 – ppp decapsulator can be convinced to allocate a large amount of memory
https://notcve.org/view.php?id=CVE-2020-8037
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. El ppp decapsulator en tcpdump versión 4.9.3 puede ser convencido para que asigne una gran cantidad de memoria A flaw was found in tcpdump while printing PPP packets captured in a pcap file or coming from the network. This flaw allows a remote attacker to send specially crafted packets that, when printed, can lead the application to allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2021/Apr/51 https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231 https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV https://support.apple.com/kb/HT212325 https://support.apple.com/kb/HT212326 h • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9857
https://notcve.org/view.php?id=CVE-2020-9857
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari. Se presentó un problema en el análisis de URL. • https://support.apple.com/en-us/HT211170 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9786
https://notcve.org/view.php?id=CVE-2020-9786
This issue was addressed with improved checks This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. An application may be able to trigger a sysdiagnose. Este problema se abordó con comprobaciones mejoradas. Este problema se corrigió en macOS Catalina versión 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. Una aplicación puede ser capaz de activar un diagnóstico del sistema • https://support.apple.com/en-us/HT211100 •