CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-6218 – macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
https://notcve.org/view.php?id=CVE-2019-6218
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con la mejora de la validación de entradas. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y tvOS 12.1.2. • https://www.exploit-db.com/exploits/46297 http://www.securityfocus.com/bid/106695 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-6213 – macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
https://notcve.org/view.php?id=CVE-2019-6213
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges. Se abordó un desbordamiento de búfer con la mejora de la comprobación de límites. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • https://www.exploit-db.com/exploits/46300 http://www.securityfocus.com/bid/106739 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 https://support.apple.com/HT209448 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 4EXPL: 1CVE-2019-6224 – FaceTime - Texture Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2019-6224
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution. Se abordó un problema de desbordamiento de búfer con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • https://www.exploit-db.com/exploits/46433 http://www.securityfocus.com/bid/106739 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 https://support.apple.com/HT209448 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-6209 – iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
https://notcve.org/view.php?id=CVE-2019-6209
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout. Existió un problema de lectura fuera de límites que conducía a la divulgación de la memoria del kernel. • https://www.exploit-db.com/exploits/46285 http://www.securityfocus.com/bid/106739 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 https://support.apple.com/HT209448 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2019-6219
https://notcve.org/view.php?id=CVE-2019-6219
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service. Se abordó un problema de denegación de servicio con la mejora de la validación. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y watchOS 5.1.3. • http://www.securityfocus.com/bid/106697 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209448 • CWE-20: Improper Input Validation •