Security Vulnerabilities - CVEs Published In March 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2019-03-05
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.
CVSS Score: 7.8 | EPSS Score: 0.067 | Published: 2019-03-05
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.
CVSS Score: 7.5 | EPSS Score: 0.01 | Published: 2019-03-05
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2019-03-05
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2019-03-05
Supportutils, before version 3.1-5.7.1, when run with the command line argument -A, searched the file system for an ndspath binary. If an attacker provides one at an arbitrary location, it is executed with root privileges.
CVSS Score: 7.3 | EPSS Score: 0.0 | Published: 2019-03-05
Supportutils, before version 3.1-5.7.1, wrote data to the static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection.
CVSS Score: 2.8 | EPSS Score: 0.0 | Published: 2019-03-05
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
CVSS Score: 2.2 | EPSS Score: 0.0 | Published: 2019-03-05
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638), he can execute arbitrary commands as root.
CVSS Score: 6.7 | EPSS Score: 0.002 | Published: 2019-03-05
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638), he can kill arbitrary processes on the local machine.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2019-03-05