12.3.2

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-18	CVE-2019-8648	Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved input validation. network low complexity apple CWE-787 critical	9.8
2019-12-18	CVE-2019-8647	Use After Free vulnerability in Apple Tvos A use after free issue was addressed with improved memory management. network low complexity apple CWE-416 critical	9.8
2019-12-18	CVE-2019-8646	Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. network low complexity apple CWE-125	7.5
2019-12-18	CVE-2019-8644	Use After Free vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. network low complexity apple CWE-416	8.8
2019-12-18	CVE-2019-8641	Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. network low complexity apple CWE-125 critical	9.8
2019-12-11	CVE-2019-14899	A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. low complexity freebsd linux openbsd apple	7.4
2019-07-01	CVE-2019-13118	Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. network low complexity xmlsoft opensuse netapp oracle fedoraproject canonical apple CWE-843	5.3