CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-8681 – Apple Safari InlineBox Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-8681
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.4, macOS Mojave versión 10.14.6, tvOS versión 12.4, Safari versión 12.1.2, iTunes para Windows versión 12.9.6, iCloud para Windows versión 7.13, iCloud para Windows versión 10.6. • https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210355 https://support.apple.com/HT210356 https://support.apple.com/HT210357 https://support.apple.com/HT210358 https://access.redhat.com/security/cve/CVE-2019-8681 https://bugzilla.redhat.com/show_bug.cgi?id=1876650 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-8683 – webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8683
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.4, macOS Mojave versión 10.14.6, tvOS versión 12.4, watchOS versión 5.3, Safari versión 12.1.2, iTunes para Windows versión 12.9.6, iCloud para Windows versión 7.13, iCloud para Windows versión 10.6. • https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210353 https://support.apple.com/HT210355 https://support.apple.com/HT210356 https://support.apple.com/HT210357 https://support.apple.com/HT210358 https://access.redhat.com/security/cve/CVE-2019-8683 https://bugzilla.redhat.com/show_bug.cgi?id=1876651 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 29%CPEs: 11EXPL: 0CVE-2019-8684 – webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8684
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.4, macOS Mojave versión 10.14.6, tvOS versión 12.4, watchOS versión 5.3, Safari versión 12.1.2, iTunes para Windows versión 12.9.6, iCloud para Windows versión 7.13, iCloud para Windows versión 10.6. • https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210353 https://support.apple.com/HT210355 https://support.apple.com/HT210356 https://support.apple.com/HT210357 https://support.apple.com/HT210358 https://access.redhat.com/security/cve/CVE-2019-8684 https://bugzilla.redhat.com/show_bug.cgi?id=1876652 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-13118
https://notcve.org/view.php?id=CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://seclists.org/fulldisclosure/2019/Jul/22 http://seclists.org/fulldisclosure/2019/Jul/23 http://seclists.org/fulldisclosure/2019/Jul/24 http://seclists.org/fulldisclosure/2019/Jul/26 http://seclists.org/fulldisclosur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-8628
https://notcve.org/view.php?id=CVE-2019-8628
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.3, macOS Mojave versión 10.14.5, tvOS versión 12.3, Safari versión 12.1.1, iTunes para Windows versión 12.9.5, iCloud para Windows versión 7.12. • https://support.apple.com/HT210118 https://support.apple.com/HT210119 https://support.apple.com/HT210120 https://support.apple.com/HT210123 https://support.apple.com/HT210124 https://support.apple.com/HT210125 https://support.apple.com/HT210212 • CWE-787: Out-of-bounds Write •