12.1.4

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-18	CVE-2019-6204	Cross-site Scripting vulnerability in Apple Safari A logic issue was addressed with improved validation. network apple CWE-79	4.3
2019-12-18	CVE-2019-6201	Out-of-bounds Write vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. network apple CWE-787 critical	9.3
2019-12-11	CVE-2019-14899	Man-in-the-Middle vulnerability in multiple products A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. low complexity freebsd linux openbsd apple CWE-300	7.4
2019-07-01	CVE-2019-13118	Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. network low complexity xmlsoft opensuse netapp oracle fedoraproject canonical apple CWE-843	5.3
2019-02-18	CVE-2019-8906	Out-of-bounds Read vulnerability in multiple products do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. local low complexity file-project canonical opensuse apple CWE-125	3.6