CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-8535 – webkitgtk: malicious crafted web content leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8535
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado mejorando la administración del estado. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8535 https://bugzilla.redhat.com/show_bug.cgi?id=1719210 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-7292
https://notcve.org/view.php?id=CVE-2019-7292
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. Se solucionó un problema de comprobación con una lógica mejorada. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0CVE-2019-8544 – webkitgtk: malicious crafted web content leads to arbitrary we content
https://notcve.org/view.php?id=CVE-2019-8544
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8544 https://bugzilla.redhat.com/show_bug.cgi?id=1719224 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2019-8559 – webkitgtk: malicious web content leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8559
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1719235 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8505
https://notcve.org/view.php?id=CVE-2019-8505
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting. Un problema lógico fue abordado con una comprobación mejorada. Este problema es corregido en iOS versión 12.2, Safari versión 12.1. • https://support.apple.com/HT209599 https://support.apple.com/HT209603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •