CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-13118
https://notcve.org/view.php?id=CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://seclists.org/fulldisclosure/2019/Jul/22 http://seclists.org/fulldisclosure/2019/Jul/23 http://seclists.org/fulldisclosure/2019/Jul/24 http://seclists.org/fulldisclosure/2019/Jul/26 http://seclists.org/fulldisclosur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-8619 – webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8619
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.3, macOS Mojave versión 10.14.5, tvOS versión 12.3, Safari versión 12.1.1, iTunes para Windows versión 12.9.5, iCloud para Windows versión 7.12. • https://support.apple.com/HT210118 https://support.apple.com/HT210119 https://support.apple.com/HT210120 https://support.apple.com/HT210123 https://support.apple.com/HT210124 https://support.apple.com/HT210125 https://support.apple.com/HT210212 https://access.redhat.com/security/cve/CVE-2019-8619 https://bugzilla.redhat.com/show_bug.cgi?id=1877047 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-8628
https://notcve.org/view.php?id=CVE-2019-8628
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.3, macOS Mojave versión 10.14.5, tvOS versión 12.3, Safari versión 12.1.1, iTunes para Windows versión 12.9.5, iCloud para Windows versión 7.12. • https://support.apple.com/HT210118 https://support.apple.com/HT210119 https://support.apple.com/HT210120 https://support.apple.com/HT210123 https://support.apple.com/HT210124 https://support.apple.com/HT210125 https://support.apple.com/HT210212 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 7%CPEs: 8EXPL: 1CVE-2019-8623 – Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
https://notcve.org/view.php?id=CVE-2019-8623
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.3, macOS Mojave versión 10.14.5, tvOS versión 12.3, watchOS versión 5.2.1, Safari 12.1.1, iTunes para Windows versión 12.9.5, iCloud para Windows versión 7.12. • https://www.exploit-db.com/exploits/46889 https://support.apple.com/HT210118 https://support.apple.com/HT210119 https://support.apple.com/HT210120 https://support.apple.com/HT210122 https://support.apple.com/HT210123 https://support.apple.com/HT210124 https://support.apple.com/HT210125 https://support.apple.com/HT210212 https://access.redhat.com/security/cve/CVE-2019-8623 https://bugzilla.redhat.com/show_bug.cgi?id=1877049 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-8587 – Apple Safari HTMLFormElement Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-8587
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.3, macOS Mojave versión 10.14.5, tvOS versión 12.3, Safari versión 12.1.1, iTunes para Windows versión 12.9.5, iCloud para Windows versión 7.12. • https://support.apple.com/HT210118 https://support.apple.com/HT210119 https://support.apple.com/HT210120 https://support.apple.com/HT210123 https://support.apple.com/HT210124 https://support.apple.com/HT210125 https://support.apple.com/HT210212 https://access.redhat.com/security/cve/CVE-2019-8587 https://bugzilla.redhat.com/show_bug.cgi?id=1876887 • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •