CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0CVE-2020-27932 – Apple Multiple Products Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-27932
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de confusión de tipos con un manejo de estado mejorado. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 12.4.9, watchOS versión 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS versión 14.2 y iPadOS versión 14.2, watchOS versión 5.3.9, macOS Catalina versión 10.15.7 Supplemental Update, macOS Catalina versión 10.15.7 Update. • http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.html http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211928 https://support.apple.com/en-us/HT211929 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT211940 https://support.apple.com/en-us/HT211944 https://support.apple.com/en-us/HT211945 https://support.apple.com/en-us/HT211946 https://support.apple.com/en-us/HT211947 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-10002
https://notcve.org/view.php?id=CVE-2020-10002
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 14.2 y iPadOS versión 14.2, iCloud para Windows 11.5, tvOS versión 14.2, iTunes 12.11 para Windows. • http://seclists.org/fulldisclosure/2020/Dec/26 http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211928 https://support.apple.com/en-us/HT211929 https://support.apple.com/en-us/HT211930 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT211933 https://support.apple.com/en-us/HT211935 https://support.apple.com/kb/HT212011 •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2020-10011
https://notcve.org/view.php?id=CVE-2020-10011
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema se corrigió en iOS versión 14.2 y iPadOS versión 14.2, macOS Catalina versión 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. • http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211849 https://support.apple.com/en-us/HT211929 https://support.apple.com/kb/HT211930 https://support.apple.com/kb/HT211931 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-8037 – ppp decapsulator can be convinced to allocate a large amount of memory
https://notcve.org/view.php?id=CVE-2020-8037
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. El ppp decapsulator en tcpdump versión 4.9.3 puede ser convencido para que asigne una gran cantidad de memoria A flaw was found in tcpdump while printing PPP packets captured in a pcap file or coming from the network. This flaw allows a remote attacker to send specially crafted packets that, when printed, can lead the application to allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2021/Apr/51 https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231 https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV https://support.apple.com/kb/HT212325 https://support.apple.com/kb/HT212326 h • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8796
https://notcve.org/view.php?id=CVE-2019-8796
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode. Se abordó un problema lógico con una comprobación mejorada. Este problema se corrigió en macOS Catalina versión 10.15.1, Security Update 2019-001 y Security Update 2019-006, iOS versión 12.4.3, watchOS versión 6.1, iOS versión 13.2 y iPadOS versión 13.2. • https://support.apple.com/en-us/HT210721 https://support.apple.com/en-us/HT210722 https://support.apple.com/en-us/HT210724 https://support.apple.com/en-us/HT211134 •