CVE-2019-8625

Published: 18/12/2019 Updated: 15/03/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

Vulnerable Product

apple icloud

apple itunes

apple tvos

Vendor Advisories

Several security issues were fixed in WebKitGTK+ ...
Several vulnerabilities have been discovered in the webkit2gtk web engine. CVE-2019-8625: Sergei Glazunov discovered that maliciously crafted web content may lead to universal cross site scripting. CVE-2019-8720: Wen Xu discovered that maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8769: Pierre Reim ...
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID when possible ...
Synopsis Moderate: GNOME security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for GNOME is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: Red Hat Quay v333 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat Quay v333 is now available with bug fixes and security updates. Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...
Synopsis Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis Moderate: webkitgtk4 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scor ...
Synopsis Moderate: Red Hat OpenShift Container Storage 460 security, bug fix, enhancement update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat OpenShift Container Storage 460 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ha ...

Mailing Lists

Debian Security Advisory DSA-4558-1 security () debian org www.debian.org/security/ Alberto Garcia November 04, 2019 www.debian.org/security/faq ...
APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1 iTunes for Windows 12.10.1 is now available and addresses the following: UIFoundation Available for: Windows 7 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addres ...
APPLE-SA-2019-10-07-3 iCloud for Windows 10.7 iCloud for Windows 10.7 is now available and addresses the following: UIFoundation Available for: Windows 10 and later via the Microsoft Store Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer ...
APPLE-SA-2019-10-07-4 iCloud for Windows 7.14 iCloud for Windows 7.14 is now available and addresses the following: UIFoundation Available for: Windows 7 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed wi ...
APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13 Safari 13 addresses the following: WebKit Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A lo ...
APPLE-SA-2019-10-29-9 Additional information for APPLE-SA-2019-9-26-6 tvOS 13 tvOS 13 addresses the following: AppleFirmwareUpdateKext Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vuln ...
APPLE-SA-2019-10-29-6 Additional information for APPLE-SA-2019-9-26-3 iOS 13 iOS 13 addresses the following: Bluetooth Available for: iPhone 6s and later Impact: Notification previews may show on Bluetooth accessories even when previews are disabled Description: A logic issue existed with the displ ...

Recent Articles

Apple Tackles Over a Dozen Bugs in its Catalina 10.15 Update
Threatpost • Tom Spring • 08 Oct 2019

Apple wasted little time snuffing out bugs in its macOS Catalina operating system. On Tuesday, Apple rolled out 16 patches addressing a wide range of Catalina bugs in components such as CoreAudio, IOGraphics and WebKit. The security fixes are exclusively for macOS 10.15; so pre-Catalina releases of macOS will have to wait for fixes.
While specifics are scant on each of the bugs addressed, Apple did share some details. Two bugs (CVE-2019-8781, CVE-2019-8717) impact the macOS kernel and woul...