CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-8734
https://notcve.org/view.php?id=CVE-2019-8734
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó múltiples problemas de corrupción de la memoria con un manejo de la memoria mejorada. Este problema se corrigió en iOS versión 13, iCloud para Windows versión 7.14, iCloud para Windows versión 10.7, Safari versión 13, tvOS versión 13, watchOS versión 6, iTunes versión 12.10.1 para Windows. • https://support.apple.com/en-us/HT210604 https://support.apple.com/en-us/HT210606 https://support.apple.com/en-us/HT210607 https://support.apple.com/en-us/HT210608 https://support.apple.com/en-us/HT210635 https://support.apple.com/en-us/HT210636 https://support.apple.com/en-us/HT210637 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 46%CPEs: 1EXPL: 1CVE-2019-8765 – JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
https://notcve.org/view.php?id=CVE-2019-8765
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en watchOS versión 6.1. • https://www.exploit-db.com/exploits/47565 https://security.gentoo.org/glsa/202003-22 https://support.apple.com/HT210724 https://access.redhat.com/security/cve/CVE-2019-8765 https://bugzilla.redhat.com/show_bug.cgi?id=1876542 • CWE-787: Out-of-bounds Write •
CVSS: 2.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8775
https://notcve.org/view.php?id=CVE-2019-8775
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. El problema fue abordado restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema es corregido en iOS versión 13.1 y iPadOS versión 13.1. • https://support.apple.com/HT210603 https://support.apple.com/HT210724 •
CVSS: 8.1EPSS: 0%CPEs: 371EXPL: 0CVE-2019-9506 – Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
https://notcve.org/view.php?id=CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. La especificación de Bluetooth BR/EDR incluyendo versión 5.1, permite una longitud de clave de cifrado suficientemente baja y no impide que un atacante influya en la negociación de longitud de clave. Esto permite ataques prácticos de fuerza bruta (también se conoce como "KNOB") que pueden descifrar el tráfico e inyectar texto cifrado arbitrario sin que la víctima se dé cuenta. A flaw was discovered in the Bluetooth protocol. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://www.cs.ox.ac.uk/publications/publication12404-abstract.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en https: • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2019-8624 – Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2019-8624
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory. Una lectura fuera de límites fue abordada con una comprobación de entrada mejorada. Este problema es corregido en watchOS versión 5.3. • https://www.exploit-db.com/exploits/47158 https://support.apple.com/HT210353 • CWE-125: Out-of-bounds Read •