CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-8037 – ppp decapsulator can be convinced to allocate a large amount of memory
https://notcve.org/view.php?id=CVE-2020-8037
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. El ppp decapsulator en tcpdump versión 4.9.3 puede ser convencido para que asigne una gran cantidad de memoria A flaw was found in tcpdump while printing PPP packets captured in a pcap file or coming from the network. This flaw allows a remote attacker to send specially crafted packets that, when printed, can lead the application to allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2021/Apr/51 https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231 https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV https://support.apple.com/kb/HT212325 https://support.apple.com/kb/HT212326 h • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9857
https://notcve.org/view.php?id=CVE-2020-9857
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari. Se presentó un problema en el análisis de URL. • https://support.apple.com/en-us/HT211170 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9994
https://notcve.org/view.php?id=CVE-2020-9994
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files. Se abordó un problema de manejo de rutas con una comprobación mejorada. Este problema se corrigió en iOS versión 13.5 y iPadOS versión 13.5, macOS versión Catalina versión 10.15.5, tvOS versión 13.4.5, watchOS versión 6.2.5. • https://support.apple.com/kb/HT211168 https://support.apple.com/kb/HT211170 https://support.apple.com/kb/HT211171 https://support.apple.com/kb/HT211175 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9997
https://notcve.org/view.php?id=CVE-2020-9997
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory. Se abordó un problema de divulgación de información con una administración de estado mejorada. Este problema se corrigió en macOS Catalina versión 10.15.6, watchOS versión 6.2.8. • https://support.apple.com/kb/HT211289 https://support.apple.com/kb/HT211291 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-9985
https://notcve.org/view.php?id=CVE-2020-9985
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Se abordó un problema de desbordamiento del búfer con un manejo de la memoria mejorada. Este problema se corrigió en iOS versión 13.6 y iPadOS versión 13.6, macOS Catalina versión 10.15.6, watchOS versión 6.2.8. • https://support.apple.com/kb/HT211288 https://support.apple.com/kb/HT211289 https://support.apple.com/kb/HT211291 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •