Vulnerabilities > Apple > Iphone OS > 12.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-8658 | Cross-site Scripting vulnerability in Apple products A logic issue was addressed with improved state management. | 4.3 |
| 2019-12-18 | CVE-2019-8657 | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 6.8 |
| 2019-12-18 | CVE-2019-8649 | Cross-site Scripting vulnerability in Apple products A logic issue existed in the handling of synchronous page loads. | 4.3 |
| 2019-12-18 | CVE-2019-8648 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 7.5 |
| 2019-12-18 | CVE-2019-8647 | Use After Free vulnerability in Apple Iphone OS A use after free issue was addressed with improved memory management. | 7.5 |
| 2019-12-18 | CVE-2019-8646 | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 5.0 |
| 2019-12-18 | CVE-2019-8644 | Use After Free vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
| 2019-12-18 | CVE-2019-8641 | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.5 |
| 2019-12-11 | CVE-2019-14899 | Man-in-the-Middle vulnerability in multiple products A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. | 7.4 |
| 2019-07-01 | CVE-2019-13118 | Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | 5.3 |