CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8694
https://notcve.org/view.php?id=CVE-2019-8694
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8691 – Apple macOS AMDRadeonX4000_AMDSIGLContext RsrcAndXorByteFlag Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8691
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory. Un problema de comprobación fue abordado mejorando el saneamiento de la entrada. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-125: Out-of-bounds Read •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8692 – Apple macOS AMDRadeonX4000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-8692
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory. Un problema de comprobación fue abordado mejorando el saneamiento de la entrada. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8656
https://notcve.org/view.php?id=CVE-2019-8656
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper. Esto se abordó con comprobaciones adicionales mediante Gatekeeper de los archivos montados por medio de un recurso compartido de red. Este problema se corrigió en macOS Mojave versión 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. • https://github.com/D00MFist/CVE-2019-8656 https://support.apple.com/en-us/HT210348 •
CVSS: 6.1EPSS: 2%CPEs: 7EXPL: 1CVE-2019-8690 – WebKit - UXSS via XSLT and Nested Document Replacements
https://notcve.org/view.php?id=CVE-2019-8690
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. Se presentó un problema lógico en el manejo de cargas de documentos. • https://www.exploit-db.com/exploits/47237 https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210355 https://support.apple.com/HT210356 https://support.apple.com/HT210357 https://support.apple.com/HT210358 https://access.redhat.com/security/cve/CVE-2019-8690 https://bugzilla.redhat.com/show_bug.cgi?id=1876664 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •