CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-0160 – edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media
https://notcve.org/view.php?id=CVE-2019-0160
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Desbordamiento de búfer en el firmware del sistema para EDK II podría permitir que un usuario no autenticado escale privilegios y/o provoque una denegación de servicio mediante acceso de red. Buffer overflows were discovered in UDF-related codes under MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe, which could be triggered with long file names or invalid formatted UDF media. • https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html https://access.redhat.com/security/cve/CVE-2019-0160 https://bugzilla.redhat.com/show_bug.cgi?id=1691640 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0CVE-2019-8536 – webkitgtk: malicious crafted web content leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8536
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8536 https://bugzilla.redhat.com/show_bug.cgi?id=1719213 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-8535 – webkitgtk: malicious crafted web content leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8535
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado mejorando la administración del estado. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8535 https://bugzilla.redhat.com/show_bug.cgi?id=1719210 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 5%CPEs: 9EXPL: 1CVE-2019-8506 – Apple Multiple Products Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-8506
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de confusión de tipos mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://www.exploit-db.com/exploits/46647 https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8506 https://bugzilla.redhat.com/show_bug.cgi?id=1719199 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0CVE-2019-8544 – webkitgtk: malicious crafted web content leads to arbitrary we content
https://notcve.org/view.php?id=CVE-2019-8544
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.2, tvOS versión 12.2, watchOS versión 5.2, Safari versión 12.1, iTunes versión 12.9.4 para Windows, iCloud para Windows versión 7.11. • https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209602 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://access.redhat.com/security/cve/CVE-2019-8544 https://bugzilla.redhat.com/show_bug.cgi?id=1719224 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •