CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 4CVE-2019-6225 – iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
https://notcve.org/view.php?id=CVE-2019-6225
23 Jan 2019 — A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges. Se abordó un problema de corrupción de memoria con la mejora de la validación. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y tvOS 12.1.2. • https://www.exploit-db.com/exploits/46248 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6210
https://notcve.org/view.php?id=CVE-2019-6210
23 Jan 2019 — A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con la mejora de la validación de entradas. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • http://www.securityfocus.com/bid/106739 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6211 – Apple Safari RTCPeerConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6211
23 Jan 2019 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con la mejora de la gestión de estados. Este problema se ha resuelto en iOS 12.1.3 y macOS Mojave 10.14.3. • https://support.apple.com/HT209443 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 15%CPEs: 4EXPL: 1CVE-2019-6224 – FaceTime - Texture Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2019-6224
23 Jan 2019 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution. Se abordó un problema de desbordamiento de búfer con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • https://www.exploit-db.com/exploits/46433 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 12%CPEs: 7EXPL: 1CVE-2018-20505
https://notcve.org/view.php?id=CVE-2018-20505
23 Jan 2019 — SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). SQLite 3.25.2, cuando se ejecutan consultas en una tabla con una CLAVE PRIMARIA mal formada, permite que los atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación), explotando la posibilidad de ejecutar declaraciones SQL arbitra... • http://seclists.org/fulldisclosure/2019/Jan/62 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-4185
https://notcve.org/view.php?id=CVE-2018-4185
11 Jan 2019 — In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. En iOS en versiones anteriores a la 11.3, tvOS en versiones anteriores a la 11.3, watchOS en versiones anteriores a la 4.3 y macOS en versiones anteriores a High Sierra 10.13.4, existía un problema de divulgación de información en la transición del estado del programa. Este problema s... • https://github.com/bazad/x18-leak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4257
https://notcve.org/view.php?id=CVE-2018-4257
11 Jan 2019 — In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un desbordamiento de búfer con la mejora de la validación de tamaño. • https://support.apple.com/HT208849 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4256
https://notcve.org/view.php?id=CVE-2018-4256
11 Jan 2019 — In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de lectura fuera de límites con la mejora de la validación de entradas. • https://support.apple.com/HT208849 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4217
https://notcve.org/view.php?id=CVE-2018-4217
11 Jan 2019 — In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de privacidad en el manejo de los registros Open Directory con la mejora de la indexación. • https://support.apple.com/HT208849 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13887
https://notcve.org/view.php?id=CVE-2017-13887
11 Jan 2019 — In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. En macOS High Sierra en versiones anteriores a la 10.13.2, existía un problema de lógica en APFS al eliminar claves durante la hibernación. Esto fue abordado con la mejora de la gestión de estados. • https://support.apple.com/HT208331 • CWE-320: Key Management Errors •