CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27893
https://notcve.org/view.php?id=CVE-2020-27893
An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen. Se presentó un problema al compartir la pantalla. • https://support.apple.com/en-us/HT211931 •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1844 – webkitgtk: Memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-1844
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema es corregido en iOS versión 14.4.1 y iPadOS versión 14.4.1, Safari versión 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7), watchOS versión 7.3.2, macOS Big Sur versión 11.2.3. • http://seclists.org/fulldisclosure/2021/Apr/55 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://support.apple.com/en-us/HT212220 https://support.apple.com/en-us/HT212221 https://support.apple.com/en-us/HT212222 https://support.apple.com/en-us/HT212223 https://support.apple.com/kb/HT212323 https://www.debian.org/security/2021/dsa-4923 https://access.redhat.com/security/cve/CVE-2021-1844 https://b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 38EXPL: 0CVE-2021-23841 – Null pointer deref in X509_issuer_and_serial_hash()
https://notcve.org/view.php?id=CVE-2021-23841
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. • http://seclists.org/fulldisclosure/2021/May/67 http://seclists.org/fulldisclosure/2021/May/68 http://seclists.org/fulldisclosure/2021/May/70 https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846 https://security.gentoo.org/gls • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10008
https://notcve.org/view.php?id=CVE-2020-10008
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information. Se abordó un problema de lógica con unas restricciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.0.1. • https://support.apple.com/en-us/HT211931 •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27901
https://notcve.org/view.php?id=CVE-2020-27901
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. Se abordó un problema de lógica con unas restricciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur versión 11.0.1. • https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT212011 • CWE-863: Incorrect Authorization •