CVE-2019-8672 – macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
https://notcve.org/view.php?id=CVE-2019-8672
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.4, macOS Mojave versión 10.14.6, tvOS versión 12.4, watchOS versión 5.3, Safari versión 12.1.2, iTunes para Windows versión 12.9.6, iCloud para Windows versión 7.13, iCloud para Windows versión 10.6. • https://www.exploit-db.com/exploits/47191 https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210353 https://support.apple.com/HT210355 https://support.apple.com/HT210356 https://support.apple.com/HT210357 https://support.apple.com/HT210358 https://access.redhat.com/security/cve/CVE-2019-8672 https://bugzilla.redhat.com/show_bug.cgi?id=1876634 • CWE-787: Out-of-bounds Write •
CVE-2019-8669 – Apple Safari bind Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-8669
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.4, macOS Mojave versión 10.14.6, tvOS versión 12.4, watchOS versión 5.3, Safari versión 12.1.2, iTunes para Windows versión 12.9.6, iCloud para Windows versión 7.13, iCloud para Windows versión 10.6. • https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210353 https://support.apple.com/HT210355 https://support.apple.com/HT210356 https://support.apple.com/HT210357 https://support.apple.com/HT210358 https://access.redhat.com/security/cve/CVE-2019-8669 https://bugzilla.redhat.com/show_bug.cgi?id=1876631 • CWE-787: Out-of-bounds Write •
CVE-2019-7837 – Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-7837
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versiones 32.0.0.171 y anteriores, versiones 32.0.0.171 y anteriores, y versiones 32.0.0.171 y anteriores, tienen una vulnerabilidad de uso de memoria después de liberada. Su explotación exitosa podría llevar a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. • http://www.securityfocus.com/bid/108312 https://access.redhat.com/errata/RHSA-2019:1234 https://helpx.adobe.com/security/products/flash-player/apsb19-26.html https://www.zerodayinitiative.com/advisories/ZDI-19-498 https://access.redhat.com/security/cve/CVE-2019-7837 https://bugzilla.redhat.com/show_bug.cgi?id=1710045 • CWE-416: Use After Free •
CVE-2018-15982 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2018-15982
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Flash Player, en versiones 31.0.0.153 y anteriores y en la 31.0.0.108 y anteriores, tiene una vulnerabilidad de uso de memoria previamente liberada. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability • https://www.exploit-db.com/exploits/46051 https://github.com/scanfsec/CVE-2018-15982 https://github.com/FlatL1neAPT/CVE-2018-15982 https://github.com/SyFi/CVE-2018-15982 http://www.securityfocus.com/bid/106116 https://access.redhat.com/errata/RHSA-2018:3795 https://helpx.adobe.com/security/products/flash-player/apsb18-42.html https://access.redhat.com/security/cve/CVE-2018-15982 https://bugzilla.redhat.com/show_bug.cgi?id=1656585 • CWE-416: Use After Free •
CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securityfocus.com/bid/106145 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://access.redhat.com/errata/RHSA-2019:0109 https://access.redhat.com/errata/RHSA-2019:1790 https://access.redhat.com/errata/RHSA-2019:1942 https://access.redhat.com/errata/RHSA-2019:2400 https: • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •