CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8573
https://notcve.org/view.php?id=CVE-2019-8573
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service. Se abordó un problema de comprobación de entrada con una comprobación de entrada mejorada. Este problema se corrigió en macOS Mojave versión 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS versión 12.3, watchOS versión 5.2.1. • https://support.apple.com/en-us/HT210118 https://support.apple.com/en-us/HT210119 https://support.apple.com/en-us/HT210122 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8635 – Apple macOS AMDRadeonX4000_AMDSIGLContext Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8635
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versión 10.14.5. • https://support.apple.com/HT210119 • CWE-415: Double Free CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8616 – Apple macOS IOAccelSharedUserClient2 Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8616
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versión 10.14.5. • https://support.apple.com/HT210119 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8606 – Apple macOS kextutil Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8606
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. A local user may be able to load unsigned kernel extensions. Se presentó un problema de comprobación en el manejo de enlaces simbólicos. • https://support.apple.com/HT210119 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 2CVE-2019-8565 – Mac OS X Feedback Assistant Race Condition
https://notcve.org/view.php?id=CVE-2019-8565
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges. Una condición de carrera se abordó con comprobación adicional. Este problema es corregido en iOS versión 12.2, macOS Mojave versión 10.14.4. • https://www.exploit-db.com/exploits/46914 https://support.apple.com/HT209599 https://support.apple.com/HT209600 https://medium.com/0xcc/rootpipe-reborn-part-ii-e5a1ffff6afe https://support.apple.com/en-in/HT209600 https://github.com/ChiChou/sploits https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/osx/local/feedback_assistant_root.rb • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •