var-201912-0816
Vulnerability from variot
A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. The product supports storage of music, photos, App and contacts, etc. iCloud Installer is one of the iCloud installer components. A security vulnerability exists in the iCloud Installer component of Apple iCloud versions prior to 7.11 on Windows platforms. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-3-25-6 iCloud for Windows 7.11
iCloud for Windows 7.11 is now available and addresses the following:
CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-6232: Stefan Kanthak (eskamation.de)
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6201: dwfault working with ADLab of Venustech CVE-2019-8518: Samuel Groß of Google Project Zero CVE-2019-8523: Apple CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cross-origin issue existed with the fetch API. CVE-2019-8515: James Lee (@Windowsrcer)
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-7285: dwfault working at ADLab of Venustech CVE-2019-8556: Apple
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
WebKit Available for: Windows 7 and later Impact: A malicious website may be able to execute scripts in the context of another website Description: A logic issue was addressed with improved validation. CVE-2019-8503: Linus Särud of Detectify
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6236: Stefan Kanthak (eskamation.de)
Additional recognition
Safari We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance.
WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance.
Installation note:
iCloud for Windows 7.11 may be obtained from: https://support.apple.com/HT204283
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7spHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FvIRAA msR75UH21iTYcw51dCCfBKSvthsplmLy/4hXwdD975Qk23H6nPRH+0CDQf1E+y3C KmWHZafHoUjfyu28MH5bJcYV9LZ2cTNZ+88f7EKNAH7Ox5MfzEyCO5EtA7Q9F/1W HbMBS7HmWPTFPREI5HzNrilhvV6GvOkql/7Wsp9a6miOJ4QO7oHcLc1YZB9Vh25B xiQJZeJ443DKfJKeWVOL3qVyL3xqGUB0rN3LFIWrFpybfuMyuNwle6lwQvcy0ulK FBCmj1MNlsep0dQHdA/jaR3UYWcNBOTieAh7QTsdOsa+64cTrJtQOqhAtI7ffu3k c+v84wO9URzosbXZEmQgw9lKDd8k+o2qy13QNULsIf0KKeNdhKwNq1EzvvDF0z/a OMot5r1l1ufhKd9SHPJZ1ouXz5d5zx3hjGMMhCxINVKfa26ZEqlRW5ST/vtxwL0v Q8SsfefyowWTimnt+Wl52ErwNgyS/ejTgGRzmrR1zlIVBk2eczwTlMd4bmHYMTHu NHhIZl9CA6Amnb+YIWT55h/ghpj1P/HGdAcmMo844GfZGrHhG9vMjpvb7uP3+gsA sxN5p3YK6FtH3w3LmpEX6e5D3xt1JV3GjfrwzI8HCDZ4B7BXW9oCTqYBO1fjlD+U 5JiM2QuX58lIYitvAxfgAoWjU79AAZ9omZS4Q4D+n3Q= =0QP2 -----END PGP SIGNATURE-----=
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0816", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.11" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 7.11 earlier" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.2 earlier" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.9.4 for windows earlier" }, { "model": "macos high sierra", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "(security update 2019-002 not applied )" }, { "model": "macos mojave", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.14.4 earlier" }, { "model": "macos sierra", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "(security update 2019-002 not applied )" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1 earlier" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.2 earlier" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.2 earlier" }, { "model": "xcode", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.2 earlier" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001923" }, { "db": "NVD", "id": "CVE-2019-6236" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "7.11", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-6236" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple,Stefan Kanthak (eskamation.de)", "sources": [ { "db": "CNNVD", "id": "CNNVD-201903-938" } ], "trust": 0.6 }, "cve": "CVE-2019-6236", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "VHN-157671", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-6236", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201903-938", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-157671", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-157671" }, { "db": "NVD", "id": "CVE-2019-6236" }, { "db": "CNNVD", "id": "CNNVD-201903-938" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. The product supports storage of music, photos, App and contacts, etc. iCloud Installer is one of the iCloud installer components. A security vulnerability exists in the iCloud Installer component of Apple iCloud versions prior to 7.11 on Windows platforms. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-6 iCloud for Windows 7.11\n\niCloud for Windows 7.11 is now available and addresses the following:\n\nCoreCrypto\nAvailable for: Windows 7 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-6232: Stefan Kanthak (eskamation.de)\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-8506: Samuel Gro\u00df of Google Project Zero\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-6201: dwfault working with ADLab of Venustech\nCVE-2019-8518: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8523: Apple\nCVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8558: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8559: Apple\nCVE-2019-8563: Apple\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cross-origin issue existed with the fetch API. \nCVE-2019-8515: James Lee (@Windowsrcer)\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8536: Apple\nCVE-2019-8544: an anonymous researcher\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-7285: dwfault working at ADLab of Venustech\nCVE-2019-8556: Apple\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: A malicious website may be able to execute scripts in the\ncontext of another website\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8503: Linus S\u00e4rud of Detectify\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-6236: Stefan Kanthak (eskamation.de)\n\nAdditional recognition\n\nSafari\nWe would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs\n(payatu.com) for their assistance. \n\nWebKit\nWe would like to acknowledge Andrey Kovalev of Yandex Security Team\nfor their assistance. \n\nInstallation note:\n\niCloud for Windows 7.11 may be obtained from:\nhttps://support.apple.com/HT204283\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7spHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FvIRAA\nmsR75UH21iTYcw51dCCfBKSvthsplmLy/4hXwdD975Qk23H6nPRH+0CDQf1E+y3C\nKmWHZafHoUjfyu28MH5bJcYV9LZ2cTNZ+88f7EKNAH7Ox5MfzEyCO5EtA7Q9F/1W\nHbMBS7HmWPTFPREI5HzNrilhvV6GvOkql/7Wsp9a6miOJ4QO7oHcLc1YZB9Vh25B\nxiQJZeJ443DKfJKeWVOL3qVyL3xqGUB0rN3LFIWrFpybfuMyuNwle6lwQvcy0ulK\nFBCmj1MNlsep0dQHdA/jaR3UYWcNBOTieAh7QTsdOsa+64cTrJtQOqhAtI7ffu3k\nc+v84wO9URzosbXZEmQgw9lKDd8k+o2qy13QNULsIf0KKeNdhKwNq1EzvvDF0z/a\nOMot5r1l1ufhKd9SHPJZ1ouXz5d5zx3hjGMMhCxINVKfa26ZEqlRW5ST/vtxwL0v\nQ8SsfefyowWTimnt+Wl52ErwNgyS/ejTgGRzmrR1zlIVBk2eczwTlMd4bmHYMTHu\nNHhIZl9CA6Amnb+YIWT55h/ghpj1P/HGdAcmMo844GfZGrHhG9vMjpvb7uP3+gsA\nsxN5p3YK6FtH3w3LmpEX6e5D3xt1JV3GjfrwzI8HCDZ4B7BXW9oCTqYBO1fjlD+U\n5JiM2QuX58lIYitvAxfgAoWjU79AAZ9omZS4Q4D+n3Q=\n=0QP2\n-----END PGP SIGNATURE-----=\n", "sources": [ { "db": "NVD", "id": "CVE-2019-6236" }, { "db": "JVNDB", "id": "JVNDB-2019-001923" }, { "db": "VULHUB", "id": "VHN-157671" }, { "db": "PACKETSTORM", "id": "152228" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6236", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU93236010", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-001923", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201903-938", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152228", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.0986", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-157671", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-157671" }, { "db": "JVNDB", "id": "JVNDB-2019-001923" }, { "db": "PACKETSTORM", "id": "152228" }, { "db": "NVD", "id": "CVE-2019-6236" }, { "db": "CNNVD", "id": "CNNVD-201903-938" } ] }, "id": "VAR-201912-0816", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-157671" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:45:55.354000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "About the security content of iCloud for Windows 7.11", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209605" }, { "title": "About the security content of watchOS 5.2", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209602" }, { "title": "About the security content of iOS 12.2", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209599" }, { "title": "About the security content of Xcode 10.2", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209606" }, { "title": "About the security content of tvOS 12.2", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209601" }, { "title": "About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209600" }, { "title": "About the security content of Safari 12.1", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209603" }, { "title": "About the security content of iTunes 12.9.4 for Windows", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209604" }, { "title": "Apple iCloud for Windows iCloud Installer Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90383" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001923" }, { "db": "CNNVD", "id": "CNNVD-201903-938" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-157671" }, { "db": "NVD", "id": "CVE-2019-6236" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.apple.com/ht209605" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6236" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8558" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8559" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6232" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8563" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8556" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93236010/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8553" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8561" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8562" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8565" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8567" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8555" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8554" }, { "trust": 0.6, "url": "https://support.apple.com/en-au/ht209605" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77790" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152228/apple-security-advisory-2019-3-25-6.html" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht209605" }, { "trust": 0.1, "url": "https://support.apple.com/ht204283" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8524" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6201" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8536" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8542" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8535" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7292" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8551" } ], "sources": [ { "db": "VULHUB", "id": "VHN-157671" }, { "db": "JVNDB", "id": "JVNDB-2019-001923" }, { "db": "PACKETSTORM", "id": "152228" }, { "db": "NVD", "id": "CVE-2019-6236" }, { "db": "CNNVD", "id": "CNNVD-201903-938" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-157671" }, { "db": "JVNDB", "id": "JVNDB-2019-001923" }, { "db": "PACKETSTORM", "id": "152228" }, { "db": "NVD", "id": "CVE-2019-6236" }, { "db": "CNNVD", "id": "CNNVD-201903-938" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-18T00:00:00", "db": "VULHUB", "id": "VHN-157671" }, { "date": "2019-03-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001923" }, { "date": "2019-03-26T14:43:31", "db": "PACKETSTORM", "id": "152228" }, { "date": "2019-12-18T18:15:21.270000", "db": "NVD", "id": "CVE-2019-6236" }, { "date": "2019-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201903-938" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-21T00:00:00", "db": "VULHUB", "id": "VHN-157671" }, { "date": "2020-01-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001923" }, { "date": "2019-12-21T14:25:44.040000", "db": "NVD", "id": "CVE-2019-6236" }, { "date": "2021-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201903-938" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201903-938" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Updates to product vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001923" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "competition condition problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201903-938" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.