CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2019-13565 – Ubuntu Security Notice USN-4078-2
https://notcve.org/view.php?id=CVE-2019-13565
26 Jul 2019 — An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, et... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html •
CVSS: 4.9EPSS: 0%CPEs: 29EXPL: 0CVE-2019-13057 – Ubuntu Security Notice USN-4078-2
https://notcve.org/view.php?id=CVE-2019-13057
26 Jul 2019 — An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy di... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8582 – Apple macOS CoreText Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-8582
24 Jul 2019 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema se corrigió en iCloud para Windows versión 7.12, tvOS versión 12.3, iT... • https://support.apple.com/en-us/HT210118 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8691 – Apple macOS AMDRadeonX4000_AMDSIGLContext RsrcAndXorByteFlag Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8691
23 Jul 2019 — A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory. Un problema de comprobación fue abordado mejorando el saneamiento de la entrada. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8697 – Apple macOS diskmanagementd Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8697
23 Jul 2019 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8656 – Apple Security Advisory 2019-7-22-2
https://notcve.org/view.php?id=CVE-2019-8656
23 Jul 2019 — This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper. Esto se abordó con comprobaciones adicionales mediante Gatekeeper de los archivos montados por medio de un recurso compartido de red. Este problema se corrigió en... • https://github.com/D00MFist/CVE-2019-8656 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8693 – Apple Security Advisory 2019-7-22-2
https://notcve.org/view.php?id=CVE-2019-8693
23 Jul 2019 — A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory. Un problema de comprobación fue abordado mejorando el saneamiento de la entrada. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8667 – Apple Security Advisory 2019-7-22-2
https://notcve.org/view.php?id=CVE-2019-8667
23 Jul 2019 — An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect. Un problema de interfaz de usuario inconsistente fue abordado con una gestión de estado mejorada. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8695 – Apple macOS Grapher Memory Corruption Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-8695
23 Jul 2019 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8670 – Apple Security Advisory 2019-7-22-2
https://notcve.org/view.php?id=CVE-2019-8670
23 Jul 2019 — An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing. Un problema de interfaz de usuario inconsistente fue abordado con una gestión de estado mejorada. Este problema es corregido en macOS Mojave versión 10.14.6, Safari versión 12.1.2. • https://support.apple.com/HT210348 • CWE-20: Improper Input Validation •