CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-7286 – Apple Multiple Products Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2019-7286
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges. Un problema de corrupción de memoria fue abordado mejorando la comprobación de entrada. Este problema fue abordado en iOS versión 12.1.4, Actualización Complementaria macOS Mojave versión 10.14.3. • https://www.exploit-db.com/exploits/46803 https://support.apple.com/HT209520 https://support.apple.com/HT209521 https://support.apple.com/HT209601 https://support.apple.com/HT209602 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6220
https://notcve.org/view.php?id=CVE-2019-6220
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory. Se abordó una lectura fuera de límites con la mejora de la validación de entradas. Este problema se ha resuelto en macOS Mojave 10.14.3. • http://www.securityfocus.com/bid/106693 https://support.apple.com/HT209446 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2019-6235
https://notcve.org/view.php?id=CVE-2019-6235
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions. Un problema de corrupción de memoria se abordó con una validación mejorada. Este problema se soluciona en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y en watchOS 5.1.2 y iTunes 12.9.3 para Windows. • http://www.securityfocus.com/bid/106724 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 https://support.apple.com/HT209448 https://support.apple.com/HT209450 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-6208 – macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
https://notcve.org/view.php?id=CVE-2019-6208
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes. Se abordó un problema de inicialización de memoria con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y tvOS 12.1.2. • https://www.exploit-db.com/exploits/46296 http://www.securityfocus.com/bid/106695 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 1CVE-2018-20505
https://notcve.org/view.php?id=CVE-2018-20505
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). SQLite 3.25.2, cuando se ejecutan consultas en una tabla con una CLAVE PRIMARIA mal formada, permite que los atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación), explotando la posibilidad de ejecutar declaraciones SQL arbitrarias (como en ciertos casos de uso de WebSQL). • http://seclists.org/fulldisclosure/2019/Jan/62 http://seclists.org/fulldisclosure/2019/Jan/64 http://seclists.org/fulldisclosure/2019/Jan/66 http://seclists.org/fulldisclosure/2019/Jan/67 http://seclists.org/fulldisclosure/2019/Jan/68 http://seclists.org/fulldisclosure/2019/Jan/69 http://www.securityfocus.com/bid/106698 https://seclists.org/bugtraq/2019/Jan/28 https://seclists.org/bugtraq/2019/Jan/29 https://seclists.org/bugtraq/2019/Jan/31 https://seclists.org&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •