CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8769 – webkitgtk: Websites could reveal browsing history
https://notcve.org/view.php?id=CVE-2019-8769
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. Se presentó un problema en el dibujado de los elementos de una página web. • https://security.gentoo.org/glsa/202003-22 https://support.apple.com/HT210634 https://access.redhat.com/security/cve/CVE-2019-8769 https://bugzilla.redhat.com/show_bug.cgi?id=1876617 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8745 – Apple macOS CFFromShiftJISLen Out-Of-Bounds Read Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-8745
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution. Un desbordamiento del búfer fue abordado mejorando la comprobación de límites. Este problema es corregido en macOS Catalina versión 10.15, tvOS versión 13, iTunes para Windows versión 12.10.1, iCloud para Windows versión 10.7, iCloud para Windows versión 7.14. • https://support.apple.com/HT210634 https://support.apple.com/HT210635 https://support.apple.com/HT210636 https://support.apple.com/HT210637 https://support.apple.com/kb/HT210722 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-8717 – XNU - Remote Double-Free via Data Race in IPComp Input Path
https://notcve.org/view.php?id=CVE-2019-8717
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Catalina versión 10.15, tvOS versión 13. • https://www.exploit-db.com/exploits/47479 https://support.apple.com/HT210634 https://support.apple.com/kb/HT210722 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 83EXPL: 0CVE-2018-14468 – tcpdump: Buffer over-read in mfr_print() function in print-fr.c
https://notcve.org/view.php?id=CVE-2018-14468
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). El analizador FRF.16 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-fr.c:mfr_print(). An out-of-bounds read vulnerability was discovered in tcpdump while printing FRF.16 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-14469 – tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c
https://notcve.org/view.php?id=CVE-2018-14469
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). El analizador IKEv1 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-isakmp.c:ikev1_n_print(). An out-of-bounds read vulnerability was discovered in tcpdump while printing ISAKMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •