CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2018-4145
https://notcve.org/view.php?id=CVE-2018-4145
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 12; macOS Mojave en versiones anteriores a la 11.3; tvOS en versiones anteriores a la 12; watchOS en versiones anteriores a la 11.1; iTunes para Windows en versiones anteriores a la 12.7.4 y iCloud para Windows en versiones anteriores a la 7.4. • https://support.apple.com/kb/HT208693 https://support.apple.com/kb/HT208695 https://support.apple.com/kb/HT208696 https://support.apple.com/kb/HT208697 https://support.apple.com/kb/HT208698 https://support.apple.com/kb/HT208852 https://support.apple.com/kb/HT208933 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 9EXPL: 1CVE-2019-8506 – Apple Multiple Products Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-8506
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de confusión de tipos mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://www.exploit-db.com/exploits/46647 https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8506 https://bugzilla.redhat.com/show_bug.cgi?id=1719199 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 77%CPEs: 6EXPL: 1CVE-2019-8558 – WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
https://notcve.org/view.php?id=CVE-2019-8558
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://www.exploit-db.com/exploits/46650 https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8558 https://bugzilla.redhat.com/show_bug.cgi?id=1719231 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0CVE-2019-8536 – webkitgtk: malicious crafted web content leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8536
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8536 https://bugzilla.redhat.com/show_bug.cgi?id=1719213 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6204
https://notcve.org/view.php?id=CVE-2019-6204
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting. Un problema lógico fue abordado con una comprobación mejorada. Este problema es corregido en iOS versión 12.2, Safari versión 12.1. • https://support.apple.com/HT209599 https://support.apple.com/HT209603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •