Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-8711 |
A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled. Published: December 18, 2019; 1:15:36 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-8698 |
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites. Published: December 18, 2019; 1:15:35 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2019-8670 |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing. Published: December 18, 2019; 1:15:32 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-8665 |
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination. Published: December 18, 2019; 1:15:31 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-8654 |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing. Published: December 18, 2019; 1:15:31 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-8637 |
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to gain root privileges. Published: December 18, 2019; 1:15:30 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-8626 |
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service. Published: December 18, 2019; 1:15:30 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-8566 |
An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user. Published: December 18, 2019; 1:15:26 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2019-8561 |
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges. Published: December 18, 2019; 1:15:26 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-8549 |
Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges. Published: December 18, 2019; 1:15:25 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-8516 |
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service. Published: December 18, 2019; 1:15:23 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-8515 |
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. Published: December 18, 2019; 1:15:23 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-8507 |
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination. Published: December 18, 2019; 1:15:22 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-8503 |
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. Published: December 18, 2019; 1:15:22 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-8502 |
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization. Published: December 18, 2019; 1:15:22 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2019-7292 |
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. Published: December 18, 2019; 1:15:22 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-2304 |
Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, QCN7605, QCS405, QCS605, SDA845, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Published: December 18, 2019; 1:15:13 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-10595 |
Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24 Published: December 18, 2019; 1:15:12 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2014-8179 |
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. Published: December 17, 2019; 1:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-8178 |
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. Published: December 17, 2019; 9:15:16 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 1.9 LOW |