CVSS: 7.8EPSS: 82%CPEs: 3EXPL: 5CVE-2019-6225 – iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
https://notcve.org/view.php?id=CVE-2019-6225
23 Jan 2019 — A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges. Se abordó un problema de corrupción de memoria con la mejora de la validación. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y tvOS 12.1.2. • https://packetstorm.news/files/id/151331 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6212 – Gentoo Linux Security Advisory 201903-12
https://notcve.org/view.php?id=CVE-2019-6212
23 Jan 2019 — Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 para Windows y iCloud para Windows 7.10. • http://www.securityfocus.com/bid/106691 • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 8%CPEs: 4EXPL: 2CVE-2019-6214 – macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
https://notcve.org/view.php?id=CVE-2019-6214
23 Jan 2019 — A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox. Se abordó un problema de confusión de tipos con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • https://packetstorm.news/files/id/151439 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-6234 – Apple Safari CSSFontFace Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6234
23 Jan 2019 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 para Windows y iCloud para Windows 7.10. • http://www.securityfocus.com/bid/106691 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-4147
https://notcve.org/view.php?id=CVE-2018-4147
11 Jan 2019 — In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. En iCloud para Windows en versiones anteriores a la 7.3, Safari en versiones anteriores a la 11.0.3, iTunes en versiones anteriores a la 12.7.3 para Windows e iOS en versiones anteriores a la 11.2.5, existen múltiples corrupciones de memoria y fueron abordadas mediante la mejora de la gestión de memoria. • https://support.apple.com/HT208463 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7576
https://notcve.org/view.php?id=CVE-2016-7576
11 Jan 2019 — In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. En iOS en versiones anteriores a la 9.3.3, existía un problema de corrupción de memoria en el kernel. Este problema se abordó mediante la mejora del manejo de memoria. • https://support.apple.com/HT206902 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2411
https://notcve.org/view.php?id=CVE-2017-2411
11 Jan 2019 — In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. En iOS en versiones anteriores a la 11.2, los tipos de cambio se recuperaron de HTTP en lugar de HTTPS. Esto se abordó habilitando HTTPS para los tipos de cambio. • https://support.apple.com/HT208334 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13888
https://notcve.org/view.php?id=CVE-2017-13888
11 Jan 2019 — In iOS before 11.2, a type confusion issue was addressed with improved memory handling. En iOS en versiones anteriores a la 11.2, se abordó un problema de confusión de tipos con la mejora de la gestión de memoria. • https://support.apple.com/HT208334 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4194
https://notcve.org/view.php?id=CVE-2018-4194
11 Jan 2019 — In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. En iOS en versiones anteriores a la 11.4, iCloud para Windows en versiones anteriores a la 7.5, watchOS en versiones anteriores a la 4.3.1, iTunes en versiones anteriores a la 12.7.5 para Windows y macOS High Sierra en versiones anteriores a la 10.13.5, se abordó una lectura fuera de límites con la... • https://support.apple.com/HT208848 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 1CVE-2018-4185
https://notcve.org/view.php?id=CVE-2018-4185
11 Jan 2019 — In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. En iOS en versiones anteriores a la 11.3, tvOS en versiones anteriores a la 11.3, watchOS en versiones anteriores a la 4.3 y macOS en versiones anteriores a High Sierra 10.13.4, existía un problema de divulgación de información en la transición del estado del programa. Este problema s... • https://github.com/bazad/x18-leak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •