Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-288
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Apple AirPort. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AirPort Express, AirPort Extreme et AirPort Time Capsule base stations avec 802.11n sans la mise \u00e0 jour du microgiciel version 7.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-8575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8575"
},
{
"name": "CVE-2018-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
},
{
"name": "CVE-2019-8588",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8588"
},
{
"name": "CVE-2019-7291",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7291"
},
{
"name": "CVE-2019-8580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8580"
},
{
"name": "CVE-2019-8572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8572"
},
{
"name": "CVE-2019-8581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8581"
},
{
"name": "CVE-2019-8578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8578"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-288",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple AirPort.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple AirPort",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210091 du 20 juin 2019",
"url": "https://support.apple.com/en-us/HT210091"
}
]
}
CVE-2019-8580 (GCVE-0-2019-8580)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:34 – Updated: 2024-08-04 21:24
VLAI?
EPSS
Summary
Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted.
Severity ?
No CVSS data available.
CWE
- Source-routed IPv4 packets may be unexpectedly accepted
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | AirPort Base Station Firmware Update |
Affected:
unspecified , < 7.9
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:27.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Source-routed IPv4 packets may be unexpectedly accepted",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:34:24",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.9"
}
]
}
},
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Source-routed IPv4 packets may be unexpectedly accepted"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210090",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210090"
},
{
"name": "https://support.apple.com/en-us/HT210091",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8580",
"datePublished": "2020-10-27T19:34:24",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:24:27.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6918 (GCVE-0-2018-6918)
Vulnerability from cvelistv5 – Published: 2018-04-04 14:00 – Updated: 2024-09-17 02:12
VLAI?
EPSS
Summary
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.
Severity ?
No CVSS data available.
CWE
- Kernel crash or denial of service
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040628"
},
{
"name": "FreeBSD-SA-18:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc"
},
{
"name": "103666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210090"
},
{
"name": "20190531 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/77"
},
{
"name": "20190611 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "All supported versions of FreeBSD."
}
]
}
],
"datePublic": "2018-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel crash or denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-20T20:06:04",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "1040628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040628"
},
{
"name": "FreeBSD-SA-18:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc"
},
{
"name": "103666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210090"
},
{
"name": "20190531 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/77"
},
{
"name": "20190611 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2018-6918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "All supported versions of FreeBSD."
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel crash or denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040628",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040628"
},
{
"name": "FreeBSD-SA-18:05",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc"
},
{
"name": "103666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103666"
},
{
"name": "https://support.apple.com/kb/HT210090",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210090"
},
{
"name": "20190531 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/77"
},
{
"name": "20190611 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/6"
},
{
"name": "https://support.apple.com/kb/HT210091",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2018-6918",
"datePublished": "2018-04-04T14:00:00Z",
"dateReserved": "2018-02-12T00:00:00",
"dateUpdated": "2024-09-17T02:12:06.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8575 (GCVE-0-2019-8575)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:25 – Updated: 2024-08-04 21:24
VLAI?
EPSS
Summary
The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information.
Severity ?
No CVSS data available.
CWE
- A base station factory reset may not delete all user information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | AirPort Base Station Firmware Update |
Affected:
unspecified , < 7.9
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A base station factory reset may not delete all user information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:25:33",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.9"
}
]
}
},
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A base station factory reset may not delete all user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210090",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210090"
},
{
"name": "https://support.apple.com/en-us/HT210091",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8575",
"datePublished": "2020-10-27T19:25:33",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:24:28.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7291 (GCVE-0-2019-7291)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:24 – Updated: 2024-08-04 20:46
VLAI?
EPSS
Summary
A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack.
Severity ?
No CVSS data available.
CWE
- An attacker in a privileged position may be able to perform a denial of service attack
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | AirPort Base Station Firmware Update |
Affected:
unspecified , < 7.9
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker in a privileged position may be able to perform a denial of service attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:24:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-7291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.9"
}
]
}
},
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker in a privileged position may be able to perform a denial of service attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210090",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210090"
},
{
"name": "https://support.apple.com/en-us/HT210091",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-7291",
"datePublished": "2020-10-27T19:24:01",
"dateReserved": "2019-01-31T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8588 (GCVE-0-2019-8588)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:37 – Updated: 2024-08-04 21:24
VLAI?
EPSS
Summary
A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to cause a system denial of service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | AirPort Base Station Firmware Update |
Affected:
unspecified , < 7.9
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:29.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause a system denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:37:50",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.9"
}
]
}
},
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause a system denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210090",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210090"
},
{
"name": "https://support.apple.com/en-us/HT210091",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8588",
"datePublished": "2020-10-27T19:37:50",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:24:29.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8578 (GCVE-0-2019-8578)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:27 – Updated: 2024-08-04 21:24
VLAI?
EPSS
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to cause arbitrary code execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | AirPort Base Station Firmware Update |
Affected:
unspecified , < 7.9
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:29.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:27:13",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.9"
}
]
}
},
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210090",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210090"
},
{
"name": "https://support.apple.com/en-us/HT210091",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8578",
"datePublished": "2020-10-27T19:27:13",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:24:29.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8581 (GCVE-0-2019-8581)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:37 – Updated: 2024-08-04 21:24
VLAI?
EPSS
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to leak memory
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | AirPort Base Station Firmware Update |
Affected:
unspecified , < 7.9
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:27.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to leak memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:37:37",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.9"
}
]
}
},
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to leak memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210090",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210090"
},
{
"name": "https://support.apple.com/en-us/HT210091",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8581",
"datePublished": "2020-10-27T19:37:37",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:24:27.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8572 (GCVE-0-2019-8572)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:26 – Updated: 2024-08-04 21:24
VLAI?
EPSS
Summary
A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- A remote attacker may be able to cause arbitrary code execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | AirPort Base Station Firmware Update |
Affected:
unspecified , < 7.9
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AirPort Base Station Firmware Update",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:26:45",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.9"
}
]
}
},
{
"product_name": "AirPort Base Station Firmware Update",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.8"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210090",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210090"
},
{
"name": "https://support.apple.com/en-us/HT210091",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8572",
"datePublished": "2020-10-27T19:26:45",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:24:28.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…