Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-17966

Malware in sbrugna...

7.1CVSS7.5AI score0.0033EPSS
Exploits0References5
Apple
Apple
added 2023/05/23 12:0 a.m.180 views

About the security content of Pro Video Formats 2.2.5

About the security content of Pro Video Formats 2.2.5 This document describes the security content of Pro Video Formats 2.2.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

8.8CVSS8.3AI score0.00484EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/10/27 8:15 p.m.20 views

CVE-2019-8633

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory...

7.5CVSS6.3AI score0.01154EPSS
Exploits0References4
OSV
OSV
added 2020/10/27 8:15 p.m.3 views

CVE-2019-8631

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state...

7.5CVSS7.1AI score0.01035EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/10/27 7:26 p.m.23 views

CVE-2019-8547

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Updat...

7.7AI score0.02271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/02 2:8 p.m.31 views

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

8.1CVSS1AI score0.01828EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/12/18 6:15 p.m.27 views

CVE-2019-8609

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.2AI score0.01842EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.15 views

CVE-2019-8568

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system...

5.6AI score0.00355EPSS
Exploits0References4
NVD
NVD
added 2019/07/23 2:15 p.m.16 views

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

8.1CVSS7.2AI score0.01828EPSS
Exploits0References5
Prion
Prion
added 2019/07/23 2:15 p.m.23 views

Design/Logic Flaw

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

6.8CVSS7.7AI score0.01828EPSS
Exploits0References5Affected Software3
Debian CVE
Debian CVE
added 2019/07/23 1:24 p.m.28 views

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

8.1CVSS8.7AI score0.01828EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/07/23 1:24 p.m.50 views

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

8.1CVSS6.5AI score0.01828EPSS
Exploits0
Mozilla
Mozilla
added 2019/05/21 12:0 a.m.138 views

Security vulnerabilities fixed in Thunderbird 60.7 — Mozilla

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

9.8CVSS0.1AI score0.06175EPSS
Exploits1References17Affected Software1
exploitpack
exploitpack
added 2019/05/21 12:0 a.m.16 views

Apple macOS 10.14.5 iOS 12.3 XNU - Wild-read due to bad cast in stf_ioctl

Apple macOS 10.14.5 iOS 12.3 XNU - Wild-read due to bad cast in stfioctl / Reproduction Tested on macOS 10.14.3: $ clang -o stfwildread stfwildread.cc $ ./stfwildread Explanation SIOCSIFADDR is an ioctl that sets the address of an interface. The stf interface ioctls are handled by the stfioctl...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2019/05/21 12:0 a.m.170 views

Apple macOS 10.14.5 iOS 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free

Apple macOS 10.14.5 iOS 12.3 XNU - in6pcbdetach Stale Pointer Use-After-Free Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: 0 res1.5: -1 // failure expected here...

9.3CVSS0.3AI score0.17438EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/05/21 12:0 a.m.127 views

Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized

While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release: // Run with --useConcurrentJIT=false // Fill the stack with the return value of the provided function. function stacksprayf // This function will...

7.4AI score
Exploits0
Rows per page
Query Builder