CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-36224 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36224
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando a la liberación de un puntero no válido y un bloqueo de slapd en el procesamiento saslAuthzTo, resultando en una denegación de servicio Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-36225 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36225
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando a una doble liberación y un bloqueo de slapd en el procesamiento de saslAuthzTo, resultando en una denegación de servicio It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to cr... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-36226 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36226
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando un cálculo inapropiado de memch-)bv_len y un bloqueo de slapd en el procesamiento de saslAuthzTo, resultando en una denegación de servicio Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unaut... • http://seclists.org/fulldisclosure/2021/May/64 •
CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 0CVE-2020-36228 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36228
25 Jan 2021 — An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. Se detectó un subdesbordamiento de enteros en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el procesamiento de Certificate List Exact Assertion, resultando en una denegación de servicio It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly ... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 6%CPEs: 22EXPL: 0CVE-2020-36229 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36229
25 Jan 2021 — A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. Se detectó un fallo en ldap_X509dn2bv en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el análisis del DN X.509 en ad_keystring, resultando en una denegación de servicio It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause ... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 2%CPEs: 23EXPL: 0CVE-2020-36230 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36230
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando en un fallo de aserción en slapd en el análisis de DN X.509 en ber_next_element del archivo decode.c, resultando en una denegación de servicio Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 11%CPEs: 4EXPL: 0CVE-2020-36227 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36227
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando a un bucle infinito en slapd con la operación Cancel de cancel_extop, resultando en una denegación de servicio It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, r... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-36223 – Apple Security Advisory 2021-05-25-4
https://notcve.org/view.php?id=CVE-2020-36223
25 Jan 2021 — A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el manejo del control de Values Return Filter, resultando en una denegación de servicio (doble liberación y lectura fuera de límites) It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. ... • http://seclists.org/fulldisclosure/2021/May/64 • CWE-125: Out-of-bounds Read CWE-415: Double Free •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2020-27947 – Apple macOS process_token_AVCDecode Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-27947
16 Dec 2020 — A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con una comprobación de la entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. • https://support.apple.com/en-us/HT212011 • CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27901 – Apple Security Advisory 2020-12-14-3
https://notcve.org/view.php?id=CVE-2020-27901
16 Dec 2020 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. Se abordó un problema de lógica con unas restricciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur versión 11.0.1. • https://support.apple.com/en-us/HT211931 • CWE-863: Incorrect Authorization •