var-201912-0118
Vulnerability from variot

An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Setup Assistant is one of the installation assistant components. A security vulnerability exists in the Setup Assistant component in Apple iOS versions prior to 13.2 and iPadOS versions prior to 13.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2

iOS 13.2 and iPadOS 13.2 are now available and address the following:

Accounts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt

App Store Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. Description: An authentication issue was addressed with improved state management. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)

Associated Domains Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Improper URL processing may lead to data exfiltration Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli Rikama of Zero Keyboard Ltd

Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8785: Ian Beer of Google Project Zero CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure

AVEVideoEncoder Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8795: 08Tc3wBB working with SSD Secure Disclosure

Books Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven

Contacts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)

File System Events Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative

Graphics Driver Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8786: an anonymous researcher

Screen Time Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to record the screen without a visible screen recording indicator Description: A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. CVE-2019-8804: Christy Philip Mathew of Zimperium, Inc

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8813: an anonymous researcher

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8782: Cheolung Lee of LINE+ Security Team CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: an anonymous researcher CVE-2019-8814: Cheolung Lee of LINE+ Security Team CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8819: Cheolung Lee of LINE+ Security Team CVE-2019-8820: Samuel Groß of Google Project Zero CVE-2019-8821: Sergei Glazunov of Google Project Zero CVE-2019-8822: Sergei Glazunov of Google Project Zero CVE-2019-8823: Sergei Glazunov of Google Project Zero

WebKit Process Model Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8815: Apple

Additional recognition

CFNetwork We would like to acknowledge Lily Chen of Google for their assistance.

Kernel We would like to acknowledge Jann Horn of Google Project Zero for their assistance.

WebKit We would like to acknowledge Dlive of Tencent's Xuanwu Lab and Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their assistance.

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be "iOS 13.2 and iPadOS 13.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3v+g/+ Mffrv0Z/ZyoODELKoxbPFVk0AsQoZoOk5k2h84WaUyA9hJ007Ptv2ENTAU6xIOf4 F1ksBThWEeDJ/ucvJBbE5+V+F+8AkOhRLvvBvoH+u8x2vhUQK3Li5ojCgBptEHWU BnCFBHpbYXKxlyudqGfK3lLv3LChkNQpteYIB3asnY9H2uxHeofus8pOtGWuiG50 n8jdM8TriFlPamPOtHCvRT09j5OYOsZpS6eVFey6nWaWhaYQfbo0gk4cBaTjzmUW 4NvWYbxK9w/OmQN/QXdJ+H3cLqPhWBh5pmXrWlZTCYXlkD9XggsQL1/P7chkS/gp LdmG1VktxfWQQtfvwtzB2en3Xwd4xnkOcEcCdEIanQushCTagGNjNJN6a6PQy5lh FUHT8bDHBHV1bsirxGhV8lPk9byghCwcoC69ptCfPohDAVr20nVrPoxklWDlVYiC C3tbp2obFI2IV6LKPD4DUyPUo/VOv33j9+en8stZghLF7IuTJYm7V7PMuauxmXX4 wxrhDmrrA/H3GHeP/qHTlb0TcUurP3PoLU1GRn1djDccL607Gd49ezrvTIQxpU8N ZzgAdXeNgy3vjR88w6ZqUmpNWN8WItfwWQ7cRV+CiFGywcA+J23mzUWUNyYVLHUv /NnyM25nIe8IOrwFa2S/PaaMFr2fCvZeUkuG2/IYFh0= =QoQv -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0118",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ipados",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.2"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.2"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 11.0 earlier"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.15 earlier"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 earlier"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 earlier"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.10.2 for windows earlier"
      },
      {
        "model": "macos catalina",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.15.1 earlier"
      },
      {
        "model": "macos high sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.6 (security update 2019-006 not applied )"
      },
      {
        "model": "macos mojave",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.14.6 (security update 2019-001 not applied )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.0.3 earlier"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 earlier"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1 earlier"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.2 earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8804"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8804"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155058"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-8804",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.5,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.5,
            "id": "VHN-160239",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.1,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-8804",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-1727",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160239",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160239"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Setup Assistant is one of the installation assistant components. A security vulnerability exists in the Setup Assistant component in Apple iOS versions prior to 13.2 and iPadOS versions prior to 13.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2\n\niOS 13.2 and iPadOS 13.2 are now available and address the following:\n\nAccounts\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at\nTechnische Universit\u00e4t Darmstadt\n\nApp Store\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local attacker may be able to login to the account of a\npreviously logged in user without valid credentials. \nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2019-8803: Kiyeon An, \ucc28\ubbfc\uaddc (CHA Minkyu)\n\nAssociated Domains\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Improper URL processing may lead to data exfiltration\nDescription: An issue existed in the parsing of URLs. This issue was\naddressed with improved input validation. \nCVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli\nRikama of Zero Keyboard Ltd\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8785: Ian Beer of Google Project Zero\nCVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure\n\nAVEVideoEncoder\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8795: 08Tc3wBB working with SSD Secure Disclosure\n\nBooks\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven\n\nContacts\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously contact may lead to UI spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\nFile System Events\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8798: ABC Research s.r.o. working with Trend Micro\u0027s Zero\nDay Initiative\n\nGraphics Driver\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8786: an anonymous researcher\n\nScreen Time\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local user may be able to record the screen without a\nvisible screen recording indicator\nDescription: A consistency issue existed in deciding when to show the\nscreen recording indicator. The issue was resolved with improved\nstate management. \nCVE-2019-8804: Christy Philip Mathew of Zimperium, Inc\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8813: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-8782: Cheolung Lee of LINE+ Security Team\nCVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team\nCVE-2019-8808: found by OSS-Fuzz\nCVE-2019-8811: Soyeon Park of SSLab at Georgia Tech\nCVE-2019-8812: an anonymous researcher\nCVE-2019-8814: Cheolung Lee of LINE+ Security Team\nCVE-2019-8816: Soyeon Park of SSLab at Georgia Tech\nCVE-2019-8819: Cheolung Lee of LINE+ Security Team\nCVE-2019-8820: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8821: Sergei Glazunov of Google Project Zero\nCVE-2019-8822: Sergei Glazunov of Google Project Zero\nCVE-2019-8823: Sergei Glazunov of Google Project Zero\n\nWebKit Process Model\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-8815: Apple\n\nAdditional recognition\n\nCFNetwork\nWe would like to acknowledge Lily Chen of Google for their\nassistance. \n\nKernel\nWe would like to acknowledge Jann Horn of Google Project Zero for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Dlive of Tencent\u0027s Xuanwu Lab and Zhiyi\nZhang of Codesafe Team of Legendsec at Qi\u0027anxin Group for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.2 and iPadOS 13.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3v+g/+\nMffrv0Z/ZyoODELKoxbPFVk0AsQoZoOk5k2h84WaUyA9hJ007Ptv2ENTAU6xIOf4\nF1ksBThWEeDJ/ucvJBbE5+V+F+8AkOhRLvvBvoH+u8x2vhUQK3Li5ojCgBptEHWU\nBnCFBHpbYXKxlyudqGfK3lLv3LChkNQpteYIB3asnY9H2uxHeofus8pOtGWuiG50\nn8jdM8TriFlPamPOtHCvRT09j5OYOsZpS6eVFey6nWaWhaYQfbo0gk4cBaTjzmUW\n4NvWYbxK9w/OmQN/QXdJ+H3cLqPhWBh5pmXrWlZTCYXlkD9XggsQL1/P7chkS/gp\nLdmG1VktxfWQQtfvwtzB2en3Xwd4xnkOcEcCdEIanQushCTagGNjNJN6a6PQy5lh\nFUHT8bDHBHV1bsirxGhV8lPk9byghCwcoC69ptCfPohDAVr20nVrPoxklWDlVYiC\nC3tbp2obFI2IV6LKPD4DUyPUo/VOv33j9+en8stZghLF7IuTJYm7V7PMuauxmXX4\nwxrhDmrrA/H3GHeP/qHTlb0TcUurP3PoLU1GRn1djDccL607Gd49ezrvTIQxpU8N\nZzgAdXeNgy3vjR88w6ZqUmpNWN8WItfwWQ7cRV+CiFGywcA+J23mzUWUNyYVLHUv\n/NnyM25nIe8IOrwFa2S/PaaMFr2fCvZeUkuG2/IYFh0=\n=QoQv\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160239"
      },
      {
        "db": "PACKETSTORM",
        "id": "155058"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8804",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU96749516",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155058",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4009",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-160239",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "PACKETSTORM",
        "id": "155058"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ]
  },
  "id": "VAR-201912-0118",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160239"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:51:46.413000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About the security content of iCloud for Windows 11.0",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210727"
      },
      {
        "title": "About the security content of iCloud for Windows 7.15",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210728"
      },
      {
        "title": "About the security content of iOS 13.2 and iPadOS 13.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210721"
      },
      {
        "title": "About the security content of Xcode 11.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210729"
      },
      {
        "title": "About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210722"
      },
      {
        "title": "About the security content of tvOS 13.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210723"
      },
      {
        "title": "About the security content of watchOS 6.1",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210724"
      },
      {
        "title": "About the security content of Safari 13.0.3",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210725"
      },
      {
        "title": "About the security content of iTunes 12.10.2 for Windows",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210726"
      },
      {
        "title": "Mac \u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b macOS \u3092\u8abf\u3079\u308b",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht201260"
      },
      {
        "title": "Apple iOS  and iPadOS Setup Assistant Fixing measures for component authorization issues",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105855"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160239"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8804"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210721"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8804"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8822"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8785"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8797"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8823"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8786"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8798"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8814"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8787"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8815"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8788"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8803"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8816"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8789"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8819"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8793"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8820"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8794"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8821"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8784"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8795"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8788"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8803"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8815"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8766"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8735"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8789"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8804"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8816"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8775"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8793"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8805"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8710"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8819"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8782"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8794"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8807"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8743"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8820"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8783"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8795"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8811"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8747"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8821"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8784"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8797"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8812"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8750"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8822"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8785"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8798"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8813"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8764"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8823"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8786"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8802"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8814"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8765"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8787"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96749516/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8765"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8802"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8775"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8805"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8807"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8747"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8735"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155058/apple-security-advisory-2019-10-29-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-30746"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4009/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210721"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7152"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "PACKETSTORM",
        "id": "155058"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-160239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "PACKETSTORM",
        "id": "155058"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160239"
      },
      {
        "date": "2019-11-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "date": "2019-11-01T17:05:53",
        "db": "PACKETSTORM",
        "id": "155058"
      },
      {
        "date": "2019-12-18T18:15:42.977000",
        "db": "NVD",
        "id": "CVE-2019-8804"
      },
      {
        "date": "2019-10-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160239"
      },
      {
        "date": "2020-01-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "date": "2019-12-26T16:26:17.573000",
        "db": "NVD",
        "id": "CVE-2019-8804"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Updates to product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1727"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.