| Month | Quarter | Year |
|---|---|---|
| #2 | #5 | #4 |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2019-6208 | CWE-399 | Resource Management Errors | 5.5 |
|
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
|
|||
| CVE-2019-6205 | CWE-119 | Buffer Errors | 7.8 |
|
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
|
|||
| CVE-2019-6116 | CWE-20 | Input Validation | 7.8 |
|
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.
|
|||
| CVE-2019-5809 | CWE-416 | Use After Free | 8.8 |
|
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
|
|||
| CVE-2019-5796 | CWE-362 | Race Conditions | 7.5 |
|
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
| CVE-2019-5789 | CWE-190 | Integer Overflow or Wraparound | 8.8 |
|
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
|
|||
| CVE-2019-5788 | CWE-190 | Integer Overflow or Wraparound | 8.8 |
|
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
|
|||
| CVE-2019-5785 | CWE-787 | Out-of-bounds Write | 6.5 |
|
An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
|
|||
| CVE-2019-5512 | CWE-264 | Permissions, Privileges, and Access Control | 8.8 |
|
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
|
|||
| CVE-2019-5511 | CWE-264 | Permissions, Privileges, and Access Control | 8.8 |
|
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.
|
|||