CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 2CVE-2019-6213 – macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
https://notcve.org/view.php?id=CVE-2019-6213
23 Jan 2019 — A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges. Se abordó un desbordamiento de búfer con la mejora de la comprobación de límites. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • https://packetstorm.news/files/id/151442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2019-6208 – macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
https://notcve.org/view.php?id=CVE-2019-6208
23 Jan 2019 — A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes. Se abordó un problema de inicialización de memoria con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y tvOS 12.1.2. • https://packetstorm.news/files/id/151440 • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6219 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2019-6219
23 Jan 2019 — A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service. Se abordó un problema de denegación de servicio con la mejora de la validación. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y watchOS 5.1.3. • http://www.securityfocus.com/bid/106697 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 15%CPEs: 4EXPL: 2CVE-2019-6224 – FaceTime - Texture Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2019-6224
23 Jan 2019 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution. Se abordó un problema de desbordamiento de búfer con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • https://packetstorm.news/files/id/151772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 9EXPL: 0CVE-2018-20506 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20506
23 Jan 2019 — SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. En SQLite, en versiones anteriores a la 3.25.3, cuando está habilitada la extensión FTS3, ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4255
https://notcve.org/view.php?id=CVE-2018-4255
11 Jan 2019 — In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. En macOS High Sierra, en versiones anteriores a la 10.13.5, se abordó una lectura fuera de límites con la mejora de la validación de entradas. • https://support.apple.com/HT208849 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-4185
https://notcve.org/view.php?id=CVE-2018-4185
11 Jan 2019 — In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. En iOS en versiones anteriores a la 11.3, tvOS en versiones anteriores a la 11.3, watchOS en versiones anteriores a la 4.3 y macOS en versiones anteriores a High Sierra 10.13.4, existía un problema de divulgación de información en la transición del estado del programa. Este problema s... • https://github.com/bazad/x18-leak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4258
https://notcve.org/view.php?id=CVE-2018-4258
11 Jan 2019 — In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un desbordamiento de búfer con la mejora de la comprobación de límites. • https://support.apple.com/HT208849 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13887
https://notcve.org/view.php?id=CVE-2017-13887
11 Jan 2019 — In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. En macOS High Sierra en versiones anteriores a la 10.13.2, existía un problema de lógica en APFS al eliminar claves durante la hibernación. Esto fue abordado con la mejora de la gestión de estados. • https://support.apple.com/HT208331 • CWE-320: Key Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4254
https://notcve.org/view.php?id=CVE-2018-4254
11 Jan 2019 — In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. En macOS High Sierra en versiones anteriores a la 10.13.5, existía un problema de validación de entradas en el kernel. Este problema se abordó mediante la mejora de la validación de entradas. • https://support.apple.com/HT208849 • CWE-20: Improper Input Validation •