cvelistv5 - cve-2019-6236

CVE-2019-6236 (GCVE-0-2019-6236)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 20:16

Summary

Severity ?

No CVSS data available.

CWE

Running the iCloud installer in an untrusted directory may result in arbitrary code execution

Assigner

apple

References

URL

Tags

https://support.apple.com/HT209605

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apple	iCloud for Windows	Affected: unspecified , < iCloud for Windows 7.11 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT209605"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 7.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Running the iCloud installer in an untrusted directory may result in arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:33:15",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT209605"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-6236",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 7.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Running the iCloud installer in an untrusted directory may result in arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT209605",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT209605"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-6236",
    "datePublished": "2019-12-18T17:33:15",
    "dateReserved": "2019-01-11T00:00:00",
    "dateUpdated": "2024-08-04T20:16:24.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"7.11\", \"matchCriteriaId\": \"0B7B3A93-FF67-4AA7-8177-3A2F43BA63BE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Se present\\u00f3 una condici\\u00f3n de carrera durante la instalaci\\u00f3n de iCloud para Windows. Esto se abord\\u00f3 con un mejor manejo del estado. Este problema es corregido en iCloud para Windows versi\\u00f3n 7.11. Ejecutar el instalador de iCloud en un directorio no confiable puede conllevar a una ejecuci\\u00f3n de c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2019-6236",
      "lastModified": "2024-11-21T04:46:16.890",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-12-18T18:15:21.270",
      "references": "[{\"url\": \"https://support.apple.com/HT209605\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT209605\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6236\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-12-18T18:15:21.270\",\"lastModified\":\"2024-11-21T04:46:16.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se present\u00f3 una condici\u00f3n de carrera durante la instalaci\u00f3n de iCloud para Windows. Esto se abord\u00f3 con un mejor manejo del estado. Este problema es corregido en iCloud para Windows versi\u00f3n 7.11. Ejecutar el instalador de iCloud en un directorio no confiable puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"7.11\",\"matchCriteriaId\":\"0B7B3A93-FF67-4AA7-8177-3A2F43BA63BE\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT209605\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT209605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201912-0816

Vulnerability from variot - Updated: 2023-12-18 10:45

A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. The product supports storage of music, photos, App and contacts, etc. iCloud Installer is one of the iCloud installer components. A security vulnerability exists in the iCloud Installer component of Apple iCloud versions prior to 7.11 on Windows platforms. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

iCloud for Windows 7.11 is now available and addresses the following:

CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-6232: Stefan Kanthak (eskamation.de)

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6201: dwfault working with ADLab of Venustech CVE-2019-8518: Samuel Groß of Google Project Zero CVE-2019-8523: Apple CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cross-origin issue existed with the fetch API. CVE-2019-8515: James Lee (@Windowsrcer)

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-7285: dwfault working at ADLab of Venustech CVE-2019-8556: Apple

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

WebKit Available for: Windows 7 and later Impact: A malicious website may be able to execute scripts in the context of another website Description: A logic issue was addressed with improved validation. CVE-2019-8503: Linus Särud of Detectify

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6236: Stefan Kanthak (eskamation.de)

Additional recognition

Safari We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance.

WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance.

Installation note:

iCloud for Windows 7.11 may be obtained from: https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7spHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FvIRAA msR75UH21iTYcw51dCCfBKSvthsplmLy/4hXwdD975Qk23H6nPRH+0CDQf1E+y3C KmWHZafHoUjfyu28MH5bJcYV9LZ2cTNZ+88f7EKNAH7Ox5MfzEyCO5EtA7Q9F/1W HbMBS7HmWPTFPREI5HzNrilhvV6GvOkql/7Wsp9a6miOJ4QO7oHcLc1YZB9Vh25B xiQJZeJ443DKfJKeWVOL3qVyL3xqGUB0rN3LFIWrFpybfuMyuNwle6lwQvcy0ulK FBCmj1MNlsep0dQHdA/jaR3UYWcNBOTieAh7QTsdOsa+64cTrJtQOqhAtI7ffu3k c+v84wO9URzosbXZEmQgw9lKDd8k+o2qy13QNULsIf0KKeNdhKwNq1EzvvDF0z/a OMot5r1l1ufhKd9SHPJZ1ouXz5d5zx3hjGMMhCxINVKfa26ZEqlRW5ST/vtxwL0v Q8SsfefyowWTimnt+Wl52ErwNgyS/ejTgGRzmrR1zlIVBk2eczwTlMd4bmHYMTHu NHhIZl9CA6Amnb+YIWT55h/ghpj1P/HGdAcmMo844GfZGrHhG9vMjpvb7uP3+gsA sxN5p3YK6FtH3w3LmpEX6e5D3xt1JV3GjfrwzI8HCDZ4B7BXW9oCTqYBO1fjlD+U 5JiM2QuX58lIYitvAxfgAoWjU79AAZ9omZS4Q4D+n3Q= =0QP2 -----END PGP SIGNATURE-----=

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0816",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.11"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.11 earlier"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.2 earlier"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.9.4 for windows earlier"
      },
      {
        "model": "macos high sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(security update 2019-002 not applied )"
      },
      {
        "model": "macos mojave",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.14.4 earlier"
      },
      {
        "model": "macos sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(security update 2019-002 not applied )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.1 earlier"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.2 earlier"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.2 earlier"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.2 earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6236"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6236"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple,Stefan Kanthak (eskamation.de)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6236",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-157671",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6236",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-938",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157671",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157671"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. The product supports storage of music, photos, App and contacts, etc. iCloud Installer is one of the iCloud installer components. A security vulnerability exists in the iCloud Installer component of Apple iCloud versions prior to 7.11 on Windows platforms. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-6 iCloud for Windows 7.11\n\niCloud for Windows 7.11 is now available and addresses the following:\n\nCoreCrypto\nAvailable for: Windows 7 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-6232: Stefan Kanthak (eskamation.de)\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-8506: Samuel Gro\u00df of Google Project Zero\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-6201: dwfault working with ADLab of Venustech\nCVE-2019-8518: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8523: Apple\nCVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8558: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8559: Apple\nCVE-2019-8563: Apple\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cross-origin issue existed with the fetch API. \nCVE-2019-8515: James Lee (@Windowsrcer)\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8536: Apple\nCVE-2019-8544: an anonymous researcher\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-7285: dwfault working at ADLab of Venustech\nCVE-2019-8556: Apple\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: A malicious website may be able to execute scripts in the\ncontext of another website\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8503: Linus S\u00e4rud of Detectify\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-6236: Stefan Kanthak (eskamation.de)\n\nAdditional recognition\n\nSafari\nWe would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs\n(payatu.com) for their assistance. \n\nWebKit\nWe would like to acknowledge Andrey Kovalev of Yandex Security Team\nfor their assistance. \n\nInstallation note:\n\niCloud for Windows 7.11 may be obtained from:\nhttps://support.apple.com/HT204283\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7spHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FvIRAA\nmsR75UH21iTYcw51dCCfBKSvthsplmLy/4hXwdD975Qk23H6nPRH+0CDQf1E+y3C\nKmWHZafHoUjfyu28MH5bJcYV9LZ2cTNZ+88f7EKNAH7Ox5MfzEyCO5EtA7Q9F/1W\nHbMBS7HmWPTFPREI5HzNrilhvV6GvOkql/7Wsp9a6miOJ4QO7oHcLc1YZB9Vh25B\nxiQJZeJ443DKfJKeWVOL3qVyL3xqGUB0rN3LFIWrFpybfuMyuNwle6lwQvcy0ulK\nFBCmj1MNlsep0dQHdA/jaR3UYWcNBOTieAh7QTsdOsa+64cTrJtQOqhAtI7ffu3k\nc+v84wO9URzosbXZEmQgw9lKDd8k+o2qy13QNULsIf0KKeNdhKwNq1EzvvDF0z/a\nOMot5r1l1ufhKd9SHPJZ1ouXz5d5zx3hjGMMhCxINVKfa26ZEqlRW5ST/vtxwL0v\nQ8SsfefyowWTimnt+Wl52ErwNgyS/ejTgGRzmrR1zlIVBk2eczwTlMd4bmHYMTHu\nNHhIZl9CA6Amnb+YIWT55h/ghpj1P/HGdAcmMo844GfZGrHhG9vMjpvb7uP3+gsA\nsxN5p3YK6FtH3w3LmpEX6e5D3xt1JV3GjfrwzI8HCDZ4B7BXW9oCTqYBO1fjlD+U\n5JiM2QuX58lIYitvAxfgAoWjU79AAZ9omZS4Q4D+n3Q=\n=0QP2\n-----END PGP SIGNATURE-----=\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157671"
      },
      {
        "db": "PACKETSTORM",
        "id": "152228"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6236",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU93236010",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152228",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0986",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-157671",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152228"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ]
  },
  "id": "VAR-201912-0816",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157671"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:45:55.354000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About the security content of iCloud for Windows 7.11",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209605"
      },
      {
        "title": "About the security content of watchOS 5.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209602"
      },
      {
        "title": "About the security content of iOS 12.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209599"
      },
      {
        "title": "About the security content of Xcode 10.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209606"
      },
      {
        "title": "About the security content of tvOS 12.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209601"
      },
      {
        "title": "About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209600"
      },
      {
        "title": "About the security content of Safari 12.1",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209603"
      },
      {
        "title": "About the security content of iTunes 12.9.4 for Windows",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209604"
      },
      {
        "title": "Apple iCloud for Windows iCloud Installer Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90383"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157671"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6236"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht209605"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6236"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8558"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8559"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6232"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8563"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8556"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93236010/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8553"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8561"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8562"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8565"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8567"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8555"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8554"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht209605"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77790"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152228/apple-security-advisory-2019-3-25-6.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht209605"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6201"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8536"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8542"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8503"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8551"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152228"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-157671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152228"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157671"
      },
      {
        "date": "2019-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "date": "2019-03-26T14:43:31",
        "db": "PACKETSTORM",
        "id": "152228"
      },
      {
        "date": "2019-12-18T18:15:21.270000",
        "db": "NVD",
        "id": "CVE-2019-6236"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157671"
      },
      {
        "date": "2020-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "date": "2019-12-21T14:25:44.040000",
        "db": "NVD",
        "id": "CVE-2019-6236"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Updates to product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-938"
      }
    ],
    "trust": 0.6
  }
}

GHSA-7396-5HFJ-HQX5

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6236"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.",
  "id": "GHSA-7396-5hfj-hqx5",
  "modified": "2022-05-24T17:04:06Z",
  "published": "2022-05-24T17:04:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6236"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209605"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2019-08569

Vulnerability from cnvd - Published: 2019-03-29

Title

Apple iCloud for Windows iCloud Installer代码执行漏洞

Description

Apple iCloud for Windows是美国苹果（Apple）公司的一款基于Windows平台的云服务，它支持存储音乐、照片、App和联系人等。iCloud Installer是其中的一个iCloud安装程序组件。基于Windows平台的Apple iCloud 7.11之前版本中的Windows Installer组件存在安全漏洞。攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

Apple iCloud for Windows iCloud Installer代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT209605

Reference

https://support.apple.com/zh-cn/HT209605

Impacted products

Name
Apple iCloud for Windows <7.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6236",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6236"
    }
  },
  "description": "Apple iCloud for Windows\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u4e91\u670d\u52a1\uff0c\u5b83\u652f\u6301\u5b58\u50a8\u97f3\u4e50\u3001\u7167\u7247\u3001App\u548c\u8054\u7cfb\u4eba\u7b49\u3002iCloud Installer\u662f\u5176\u4e2d\u7684\u4e00\u4e2aiCloud\u5b89\u88c5\u7a0b\u5e8f\u7ec4\u4ef6\u3002\n\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Apple iCloud 7.11\u4e4b\u524d\u7248\u672c\u4e2d\u7684Windows Installer\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Stefan Kanthak (eskamation.de)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT209605",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-08569",
  "openTime": "2019-03-29",
  "patchDescription": "Apple iCloud for Windows\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u4e91\u670d\u52a1\uff0c\u5b83\u652f\u6301\u5b58\u50a8\u97f3\u4e50\u3001\u7167\u7247\u3001App\u548c\u8054\u7cfb\u4eba\u7b49\u3002iCloud Installer\u662f\u5176\u4e2d\u7684\u4e00\u4e2aiCloud\u5b89\u88c5\u7a0b\u5e8f\u7ec4\u4ef6\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Apple iCloud 7.11\u4e4b\u524d\u7248\u672c\u4e2d\u7684Windows Installer\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iCloud for Windows iCloud Installer\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple iCloud for Windows \u003c7.11"
  },
  "referenceLink": "https://support.apple.com/zh-cn/HT209605",
  "serverity": "\u9ad8",
  "submitTime": "2019-03-28",
  "title": "Apple iCloud for Windows iCloud Installer\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CERTFR-2019-AVI-129

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 12.2
Apple	macOS	Apple macOS Mojave versions antérieures à 10.14.4
Apple	macOS	Apple macOS High Sierra sans le correctif de sécurité 2019-002
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.9.4
Apple	N/A	Apple tvOS versions antérieures à 12.2
Apple	macOS	Apple macOS Sierra sans le correctif de sécurité 2019-002
Apple	N/A	Apple Xcode versions antérieures à 10.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 7.1
Apple	Safari	Apple Safari versions antérieures à 12.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT209599 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209601 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209604 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209605 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209603 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209600 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209606 du 25 mars 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 12.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Mojave versions ant\u00e9rieures \u00e0 10.14.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2019-002",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.9.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 12.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Sierra sans le correctif de s\u00e9curit\u00e9 2019-002",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Xcode versions ant\u00e9rieures \u00e0 10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6222"
    },
    {
      "name": "CVE-2019-8544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8544"
    },
    {
      "name": "CVE-2019-8566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8566"
    },
    {
      "name": "CVE-2019-8524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8524"
    },
    {
      "name": "CVE-2019-8518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8518"
    },
    {
      "name": "CVE-2018-18313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18313"
    },
    {
      "name": "CVE-2019-8565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8565"
    },
    {
      "name": "CVE-2019-6207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6207"
    },
    {
      "name": "CVE-2019-8507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8507"
    },
    {
      "name": "CVE-2019-8523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8523"
    },
    {
      "name": "CVE-2019-8536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8536"
    },
    {
      "name": "CVE-2019-8545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8545"
    },
    {
      "name": "CVE-2019-8511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8511"
    },
    {
      "name": "CVE-2019-8561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8561"
    },
    {
      "name": "CVE-2019-8550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8550"
    },
    {
      "name": "CVE-2019-8546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8546"
    },
    {
      "name": "CVE-2019-8504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8504"
    },
    {
      "name": "CVE-2019-7286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7286"
    },
    {
      "name": "CVE-2019-8522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8522"
    },
    {
      "name": "CVE-2019-8517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8517"
    },
    {
      "name": "CVE-2019-8515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8515"
    },
    {
      "name": "CVE-2019-8562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8562"
    },
    {
      "name": "CVE-2019-6239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6239"
    },
    {
      "name": "CVE-2019-8540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8540"
    },
    {
      "name": "CVE-2019-8502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8502"
    },
    {
      "name": "CVE-2019-8526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8526"
    },
    {
      "name": "CVE-2019-8529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8529"
    },
    {
      "name": "CVE-2019-6201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6201"
    },
    {
      "name": "CVE-2019-8503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8503"
    },
    {
      "name": "CVE-2019-8549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8549"
    },
    {
      "name": "CVE-2018-4461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4461"
    },
    {
      "name": "CVE-2019-7293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7293"
    },
    {
      "name": "CVE-2019-8567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8567"
    },
    {
      "name": "CVE-2018-18311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
    },
    {
      "name": "CVE-2019-8563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8563"
    },
    {
      "name": "CVE-2019-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6237"
    },
    {
      "name": "CVE-2019-8514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8514"
    },
    {
      "name": "CVE-2019-8556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8556"
    },
    {
      "name": "CVE-2019-8513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8513"
    },
    {
      "name": "CVE-2019-8512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8512"
    },
    {
      "name": "CVE-2019-8510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8510"
    },
    {
      "name": "CVE-2018-12015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12015"
    },
    {
      "name": "CVE-2019-8527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8527"
    },
    {
      "name": "CVE-2019-8516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8516"
    },
    {
      "name": "CVE-2019-8508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8508"
    },
    {
      "name": "CVE-2019-8533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8533"
    },
    {
      "name": "CVE-2019-8558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8558"
    },
    {
      "name": "CVE-2019-8530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8530"
    },
    {
      "name": "CVE-2019-8553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8553"
    },
    {
      "name": "CVE-2019-8505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8505"
    },
    {
      "name": "CVE-2019-8520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8520"
    },
    {
      "name": "CVE-2019-8506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8506"
    },
    {
      "name": "CVE-2019-8542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8542"
    },
    {
      "name": "CVE-2019-8535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8535"
    },
    {
      "name": "CVE-2019-7284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7284"
    },
    {
      "name": "CVE-2019-8555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8555"
    },
    {
      "name": "CVE-2019-6236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6236"
    },
    {
      "name": "CVE-2019-8537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8537"
    },
    {
      "name": "CVE-2019-7292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7292"
    },
    {
      "name": "CVE-2019-6204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6204"
    },
    {
      "name": "CVE-2019-8521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8521"
    },
    {
      "name": "CVE-2019-8519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8519"
    },
    {
      "name": "CVE-2019-8551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8551"
    },
    {
      "name": "CVE-2019-8541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8541"
    },
    {
      "name": "CVE-2019-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6232"
    },
    {
      "name": "CVE-2019-8559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8559"
    },
    {
      "name": "CVE-2019-8552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8552"
    },
    {
      "name": "CVE-2019-7285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7285"
    },
    {
      "name": "CVE-2019-8554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8554"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-129",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209599 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209599"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209601 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209601"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209604 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209604"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209605 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209605"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209603 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209603"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209600 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209600"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209606 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209606"
    }
  ]
}

CERTFR-2019-AVI-129

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 12.2
Apple	macOS	Apple macOS Mojave versions antérieures à 10.14.4
Apple	macOS	Apple macOS High Sierra sans le correctif de sécurité 2019-002
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.9.4
Apple	N/A	Apple tvOS versions antérieures à 12.2
Apple	macOS	Apple macOS Sierra sans le correctif de sécurité 2019-002
Apple	N/A	Apple Xcode versions antérieures à 10.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 7.1
Apple	Safari	Apple Safari versions antérieures à 12.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT209599 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209601 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209604 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209605 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209603 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209600 du 25 mars 2019	None	vendor-advisory
Bulletin de sécurité Apple HT209606 du 25 mars 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 12.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Mojave versions ant\u00e9rieures \u00e0 10.14.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2019-002",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.9.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 12.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Sierra sans le correctif de s\u00e9curit\u00e9 2019-002",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Xcode versions ant\u00e9rieures \u00e0 10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6222"
    },
    {
      "name": "CVE-2019-8544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8544"
    },
    {
      "name": "CVE-2019-8566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8566"
    },
    {
      "name": "CVE-2019-8524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8524"
    },
    {
      "name": "CVE-2019-8518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8518"
    },
    {
      "name": "CVE-2018-18313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18313"
    },
    {
      "name": "CVE-2019-8565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8565"
    },
    {
      "name": "CVE-2019-6207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6207"
    },
    {
      "name": "CVE-2019-8507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8507"
    },
    {
      "name": "CVE-2019-8523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8523"
    },
    {
      "name": "CVE-2019-8536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8536"
    },
    {
      "name": "CVE-2019-8545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8545"
    },
    {
      "name": "CVE-2019-8511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8511"
    },
    {
      "name": "CVE-2019-8561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8561"
    },
    {
      "name": "CVE-2019-8550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8550"
    },
    {
      "name": "CVE-2019-8546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8546"
    },
    {
      "name": "CVE-2019-8504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8504"
    },
    {
      "name": "CVE-2019-7286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7286"
    },
    {
      "name": "CVE-2019-8522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8522"
    },
    {
      "name": "CVE-2019-8517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8517"
    },
    {
      "name": "CVE-2019-8515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8515"
    },
    {
      "name": "CVE-2019-8562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8562"
    },
    {
      "name": "CVE-2019-6239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6239"
    },
    {
      "name": "CVE-2019-8540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8540"
    },
    {
      "name": "CVE-2019-8502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8502"
    },
    {
      "name": "CVE-2019-8526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8526"
    },
    {
      "name": "CVE-2019-8529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8529"
    },
    {
      "name": "CVE-2019-6201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6201"
    },
    {
      "name": "CVE-2019-8503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8503"
    },
    {
      "name": "CVE-2019-8549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8549"
    },
    {
      "name": "CVE-2018-4461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4461"
    },
    {
      "name": "CVE-2019-7293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7293"
    },
    {
      "name": "CVE-2019-8567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8567"
    },
    {
      "name": "CVE-2018-18311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
    },
    {
      "name": "CVE-2019-8563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8563"
    },
    {
      "name": "CVE-2019-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6237"
    },
    {
      "name": "CVE-2019-8514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8514"
    },
    {
      "name": "CVE-2019-8556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8556"
    },
    {
      "name": "CVE-2019-8513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8513"
    },
    {
      "name": "CVE-2019-8512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8512"
    },
    {
      "name": "CVE-2019-8510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8510"
    },
    {
      "name": "CVE-2018-12015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12015"
    },
    {
      "name": "CVE-2019-8527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8527"
    },
    {
      "name": "CVE-2019-8516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8516"
    },
    {
      "name": "CVE-2019-8508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8508"
    },
    {
      "name": "CVE-2019-8533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8533"
    },
    {
      "name": "CVE-2019-8558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8558"
    },
    {
      "name": "CVE-2019-8530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8530"
    },
    {
      "name": "CVE-2019-8553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8553"
    },
    {
      "name": "CVE-2019-8505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8505"
    },
    {
      "name": "CVE-2019-8520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8520"
    },
    {
      "name": "CVE-2019-8506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8506"
    },
    {
      "name": "CVE-2019-8542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8542"
    },
    {
      "name": "CVE-2019-8535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8535"
    },
    {
      "name": "CVE-2019-7284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7284"
    },
    {
      "name": "CVE-2019-8555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8555"
    },
    {
      "name": "CVE-2019-6236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6236"
    },
    {
      "name": "CVE-2019-8537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8537"
    },
    {
      "name": "CVE-2019-7292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7292"
    },
    {
      "name": "CVE-2019-6204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6204"
    },
    {
      "name": "CVE-2019-8521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8521"
    },
    {
      "name": "CVE-2019-8519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8519"
    },
    {
      "name": "CVE-2019-8551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8551"
    },
    {
      "name": "CVE-2019-8541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8541"
    },
    {
      "name": "CVE-2019-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6232"
    },
    {
      "name": "CVE-2019-8559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8559"
    },
    {
      "name": "CVE-2019-8552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8552"
    },
    {
      "name": "CVE-2019-7285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7285"
    },
    {
      "name": "CVE-2019-8554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8554"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-129",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209599 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209599"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209601 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209601"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209604 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209604"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209605 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209605"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209603 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209603"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209600 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209600"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209606 du 25 mars 2019",
      "url": "https://support.apple.com/en-us/HT209606"
    }
  ]
}

FKIE_CVE-2019-6236

Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2024-11-21 04:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/HT209605	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT209605	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	icloud	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "0B7B3A93-FF67-4AA7-8177-3A2F43BA63BE",
              "versionEndExcluding": "7.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se present\u00f3 una condici\u00f3n de carrera durante la instalaci\u00f3n de iCloud para Windows. Esto se abord\u00f3 con un mejor manejo del estado. Este problema es corregido en iCloud para Windows versi\u00f3n 7.11. Ejecutar el instalador de iCloud en un directorio no confiable puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2019-6236",
  "lastModified": "2024-11-21T04:46:16.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T18:15:21.270",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT209605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT209605"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-6236

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-6236

Aliases

CVE-2019-6236

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6236",
    "description": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.",
    "id": "GSD-2019-6236"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6236"
      ],
      "details": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.",
      "id": "GSD-2019-6236",
      "modified": "2023-12-13T01:23:49.059181Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-6236",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iCloud for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iCloud for Windows 7.11"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Running the iCloud installer in an untrusted directory may result in arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT209605",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT209605"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-6236"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT209605",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT209605"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-12-21T14:25Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6236 (GCVE-0-2019-6236)

VAR-201912-0816

GHSA-7396-5HFJ-HQX5

CNVD-2019-08569

CERTFR-2019-AVI-129

Solution

CERTFR-2019-AVI-129

Solution

FKIE_CVE-2019-6236

GSD-2019-6236

Tags

Sightings

Nomenclature