Details of VAR-201912-0121

ID

VAR-201912-0121

CVE

CVE-2019-8807

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-011304

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. A security vulnerability exists in the Intel Graphics Driver component of Apple macOS Catalina prior to 10.15.1

Trust: 1.71

sources: NVD: CVE-2019-8807 // JVNDB: JVNDB-2019-011304 // VULHUB: VHN-160242

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 11.0 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.15 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	ipados	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.10.2 for windows earlier	Trust: 0.8
vendor:	apple	model:	macos catalina	scope:	lt	version:	10.15.1 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	10.13.6 (security update 2019-006 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	eq	version:	10.14.6 (security update 2019-001 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	13.0.3 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	6.1 earlier	Trust: 0.8
vendor:	apple	model:	xcode	scope:	lt	version:	11.2 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-011304 // NVD: CVE-2019-8807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8807
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201910-1748
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160242
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-8807
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-160242
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8807
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160242 // CNNVD: CNNVD-201910-1748 // NVD: CVE-2019-8807

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-160242 // NVD: CVE-2019-8807

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1748

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1748

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011304

PATCH

title:	About the security content of iCloud for Windows 11.0	url:	https://support.apple.com/en-us/HT210727	Trust: 0.8
title:	About the security content of iCloud for Windows 7.15	url:	https://support.apple.com/en-us/HT210728	Trust: 0.8
title:	About the security content of iOS 13.2 and iPadOS 13.2	url:	https://support.apple.com/en-us/HT210721	Trust: 0.8
title:	About the security content of Xcode 11.2	url:	https://support.apple.com/en-us/HT210729	Trust: 0.8
title:	About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006	url:	https://support.apple.com/en-us/HT210722	Trust: 0.8
title:	About the security content of tvOS 13.2	url:	https://support.apple.com/en-us/HT210723	Trust: 0.8
title:	About the security content of watchOS 6.1	url:	https://support.apple.com/en-us/HT210724	Trust: 0.8
title:	About the security content of Safari 13.0.3	url:	https://support.apple.com/en-us/HT210725	Trust: 0.8
title:	About the security content of iTunes 12.10.2 for Windows	url:	https://support.apple.com/en-us/HT210726	Trust: 0.8
title:	Mac に搭載されている macOS を調べる	url:	https://support.apple.com/ja-jp/HT201260	Trust: 0.8
title:	Apple macOS Catalina Intel Graphics Driver Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105597	Trust: 0.6

sources: JVNDB: JVNDB-2019-011304 // CNNVD: CNNVD-201910-1748

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8807	Trust: 2.5
db:	JVN	id:	JVNVU96749516	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-011304	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-1748	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4010	Trust: 0.6
db:	CNVD	id:	CNVD-2020-03284	Trust: 0.1
db:	VULHUB	id:	VHN-160242	Trust: 0.1

sources: VULHUB: VHN-160242 // JVNDB: JVNDB-2019-011304 // CNNVD: CNNVD-201910-1748 // NVD: CVE-2019-8807

REFERENCES

url:	https://support.apple.com/ht210722	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8807	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8788	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8803	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8815	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8766	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8735	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8789	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8804	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8816	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8775	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8793	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8805	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8710	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8819	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8782	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8794	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8807	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8743	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8820	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8783	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8795	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8811	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8747	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8821	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8784	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8797	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8812	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8750	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8822	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8785	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8798	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8813	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8764	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8823	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8786	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8802	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8814	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8765	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8787	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96749516/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8812	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8750	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8822	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8785	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8797	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8813	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8764	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8823	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8786	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8798	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8814	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8765	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8787	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8802	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8815	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8766	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8788	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8803	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8804	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8816	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8775	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8789	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8805	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8710	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8819	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8782	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8793	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8743	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8820	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8783	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8794	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8811	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8747	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8821	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8784	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8735	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8795	Trust: 0.8
url:	https://support.apple.com/en-au/ht201222	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-30747	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4010/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210722	Trust: 0.6

sources: VULHUB: VHN-160242 // JVNDB: JVNDB-2019-011304 // CNNVD: CNNVD-201910-1748 // NVD: CVE-2019-8807

SOURCES

db:	VULHUB	id:	VHN-160242
db:	JVNDB	id:	JVNDB-2019-011304
db:	CNNVD	id:	CNNVD-201910-1748
db:	NVD	id:	CVE-2019-8807

LAST UPDATE DATE

2024-08-14T12:38:49+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160242	date:	2019-12-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-011304	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201910-1748	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-8807	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160242	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-011304	date:	2019-11-01T00:00:00
db:	CNNVD	id:	CNNVD-201910-1748	date:	2019-10-30T00:00:00
db:	NVD	id:	CVE-2019-8807	date:	2019-12-18T18:15:43.333