CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2019-8779 668 2019-12-18 2019-12-26
7.5
None Remote Low Not required Partial Partial Partial
A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.
902 CVE-2019-8775 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required None None Partial
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
903 CVE-2019-8772 2019-12-18 2022-01-01
5.0
None Remote Low Not required Partial None None
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.
904 CVE-2019-8770 2019-12-18 2020-08-24
4.3
None Remote Medium Not required Partial None None
The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents.
905 CVE-2019-8769 2019-12-18 2021-12-01
4.3
None Remote Medium Not required Partial None None
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.
906 CVE-2019-8768 459 2019-12-18 2021-12-01
5.0
None Remote Low Not required Partial None None
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.
907 CVE-2019-8766 787 Exec Code Mem. Corr. 2019-12-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
908 CVE-2019-8765 787 Exec Code Mem. Corr. 2019-12-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
909 CVE-2019-8764 79 XSS 2019-12-18 2020-03-15
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.
910 CVE-2019-8763 787 Exec Code Mem. Corr. 2019-12-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
911 CVE-2019-8760 287 2019-12-18 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.
912 CVE-2019-8758 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.
913 CVE-2019-8757 362 2019-12-18 2019-12-26
1.9
None Local Medium Not required None Partial None
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.
914 CVE-2019-8755 476 2019-12-18 2019-12-23
7.2
None Local Low Not required Complete Complete Complete
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to determine kernel memory layout.
915 CVE-2019-8750 119 Overflow Mem. Corr. 2019-12-18 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt.
916 CVE-2019-8748 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges.
917 CVE-2019-8747 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges.
918 CVE-2019-8745 119 Exec Code Overflow 2019-12-18 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution.
919 CVE-2019-8743 787 Exec Code Mem. Corr. 2019-12-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
920 CVE-2019-8742 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.
921 CVE-2019-8739 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.
922 CVE-2019-8738 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.
923 CVE-2019-8735 787 Exec Code Mem. Corr. 2019-12-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
924 CVE-2019-8733 787 Exec Code Mem. Corr. 2019-12-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
925 CVE-2019-8731 276 2019-12-18 2019-12-22
4.3
None Remote Medium Not required Partial None None
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information.
926 CVE-2019-8730 200 +Info 2019-12-18 2022-01-01
2.1
None Local Low Not required Partial None None
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
927 CVE-2019-8727 20 2019-12-18 2021-07-21
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing.
928 CVE-2019-8726 787 Exec Code Mem. Corr. 2019-12-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
929 CVE-2019-8725 200 +Info 2019-12-18 2021-07-21
5.0
None Remote Low Not required Partial None None
The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.
930 CVE-2019-8724 20 Exec Code 2019-12-18 2019-12-22
9.3
None Remote Medium Not required Complete Complete Complete
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
931 CVE-2019-8723 20 Exec Code 2019-12-18 2019-12-22
9.3
None Remote Medium Not required Complete Complete Complete
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
932 CVE-2019-8722 20 Exec Code 2019-12-18 2019-12-23
9.3
None Remote Medium Not required Complete Complete Complete
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
933 CVE-2019-8721 20 Exec Code 2019-12-18 2019-12-23
9.3
None Remote Medium Not required Complete Complete Complete
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
934 CVE-2019-8719 79 XSS 2019-12-18 2020-03-15
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
935 CVE-2019-8717 787 Exec Code Mem. Corr. 2019-12-18 2022-01-01
7.2
None Local Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.
936 CVE-2019-8711 200 +Info 2019-12-18 2021-07-21
5.0
None Remote Low Not required Partial None None
A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled.
937 CVE-2019-8710 787 Exec Code Mem. Corr. 2019-12-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
938 CVE-2019-8707 787 Exec Code Mem. Corr. 2019-12-18 2021-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
939 CVE-2019-8705 787 Mem. Corr. 2019-12-18 2022-01-01
4.3
None Remote Medium Not required Partial None None
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15, tvOS 13. Processing a maliciously crafted movie may result in the disclosure of process memory.
940 CVE-2019-8704 287 +Info 2019-12-18 2019-12-20
2.1
None Local Low Not required Partial None None
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information.
941 CVE-2019-8701 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.
942 CVE-2019-8699 2019-12-18 2020-08-24
5.0
None Remote Low Not required Partial None None
A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection.
943 CVE-2019-8698 20 2019-12-18 2019-12-20
4.3
None Remote Medium Not required None None Partial
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.
944 CVE-2019-8697 787 Exec Code Mem. Corr. 2019-12-18 2019-12-20
7.2
None Local Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges.
945 CVE-2019-8695 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges.
946 CVE-2019-8694 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges.
947 CVE-2019-8693 125 2019-12-18 2019-12-20
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
948 CVE-2019-8692 125 2019-12-18 2019-12-19
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
949 CVE-2019-8691 125 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
950 CVE-2019-8690 79 XSS 2019-12-18 2019-12-20
4.3
None Remote Medium Not required None Partial None
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
Total number of vulnerabilities : 1577   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.