Details of VAR-201912-0130

ID

VAR-201912-0130

CVE

CVE-2019-8772

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-012754

DESCRIPTION

An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Falsification of information * Arbitrary code execution * Service operation interruption (DoS) * Privilege escalation * Authentication bypass. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. PDFKit is one of the PDF document generation components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-07-1 macOS Catalina 10.15 macOS Catalina 10.15 is now available and addresses the following: AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-11041 CVE-2019-11042 CoreAudio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. This was addressed with improved state handling. CVE-2019-8757: William Cerniuk of Core Development, LLC Intel Graphics Driver Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved restrictions. CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8781: Linus Henze (pinauten.de) Notes Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic. CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH sips Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360 UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. CVE-2019-8769: Piérre Reimertz (@reimertz) WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. CVE-2019-8768: Hugo S. Diaz (coldpointblue) Additional recognition Finder We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Gatekeeper We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Safari Data Importing We would like to acknowledge Kent Zoya for their assistance. Simple certificate enrollment protocol (SCEP) We would like to acknowledge an anonymous researcher for their assistance. Telephony We would like to acknowledge Phil Stokes from SentinelOne for their assistance. Installation note: macOS Catalina 10.15 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2blu0ACgkQBz4uGe3y 0M1A7g//e9fSj7PMQLPpztkv54U3jAPgU5jxKEIeSxvImDLg94YFDH1RxiZ8UP+4 R8tb2vEi+gEV/MWHQyExunrUoxMc0szqFEEyTcA1nxUMTsYtmQNDVeMlv4nc9sOs n3Eh1wajdkmnBJoEzQoJfM7W09ND0eFcyr2ucnH7bZXQWkG4ZdJwgtCA0kdlcODK Y7730ZREKqt88cBKJMow0y2CyeCWK4E1yWD6OTx0Iqf2fZXNinZw/ViDQEOrULy0 Dydi9GF8BmTWNQfiRd9quYN3k0ETe3jMYv7SFwv3LV820OobvY0qlSOAucjkjcNe SKhbewe2MRo5EXCRVPYgVMW9elVFtjgSITr7B7a/u6NGUW2jhFj1EeonvOaKDUqu Kybq7oa3F4EY1hZRs288GzIFdV8osjwggAJ4AithJVEa8fhepS4Q9wIDsEHgkHZa /epkzfoXTRNBMC2qf87i1vbLSrN9qxegxHoGn/dVzz/p008m3AfKZmndZ6vRG0ac jv/lw1lhaKVKyusvix3MU5GVwZvGVqYuqfISp+uaJEBJ4nuUw4LKuzimCAjjCmnw CV2Mz9aZG1PX5KrfuYwEc/bw49ODnCW3KiaCD0XlO4MdtEDA9lYoUdmsCbnmMzIa rJ3xEcFpjOnJVVXLIWopXzIb23/5YaKctqcRScfmGpoHKRIkzQo= =ibLV -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2019-8772 // JVNDB: JVNDB-2019-012754 // VULHUB: VHN-160207 // PACKETSTORM: 154768

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 10.9 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.16 (includes aas 8.2) earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.4.4 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	13.3 earlier	Trust: 0.8
vendor:	apple	model:	ipados	scope:	lt	version:	13.3 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.10.3 for windows earlier	Trust: 0.8
vendor:	apple	model:	macos catalina	scope:	lt	version:	10.15.2 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	10.13.6 (security update 2019-007 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	eq	version:	10.14.6 (security update 2019-002 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	13.0.4 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	13.3 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.3.4 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	6.1.1 earlier	Trust: 0.8
vendor:	apple	model:	xcode	scope:	lt	version:	11.3 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-012754 // NVD: CVE-2019-8772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8772
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201910-331
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160207
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8772
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-160207
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8772
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160207 // CNNVD: CNNVD-201910-331 // NVD: CVE-2019-8772

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-326	Trust: 0.1

sources: VULHUB: VHN-160207 // NVD: CVE-2019-8772

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-331

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201910-331

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012754

PATCH

title:	About the security content of Safari 13.0.4	url:	https://support.apple.com/en-us/HT210792	Trust: 0.8
title:	About the security content of Xcode 11.3	url:	https://support.apple.com/en-us/HT210796	Trust: 0.8
title:	Mac に搭載されている macOS を調べる	url:	https://support.apple.com/ja-jp/HT201260	Trust: 0.8
title:	About the security content of iOS 13.3 and iPadOS 13.3	url:	https://support.apple.com/en-us/HT210785	Trust: 0.8
title:	About the security content of iCloud for Windows 10.9	url:	https://support.apple.com/en-us/HT210794	Trust: 0.8
title:	About the security content of iOS 12.4.4	url:	https://support.apple.com/en-us/HT210787	Trust: 0.8
title:	About the security content of iCloud for Windows 7.16 (includes AAS 8.2)	url:	https://support.apple.com/en-us/HT210795	Trust: 0.8
title:	About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra	url:	https://support.apple.com/en-us/HT210788	Trust: 0.8
title:	About the security content of iTunes 12.10.3 for Windows	url:	https://support.apple.com/en-us/HT210793	Trust: 0.8
title:	About the security content of watchOS 6.1.1	url:	https://support.apple.com/en-us/HT210789	Trust: 0.8
title:	About the security content of tvOS 13.3	url:	https://support.apple.com/en-us/HT210790	Trust: 0.8
title:	About the security content of watchOS 5.3.4	url:	https://support.apple.com/en-us/HT210791	Trust: 0.8
title:	Apple macOS Catalina Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99035	Trust: 0.6

sources: JVNDB: JVNDB-2019-012754 // CNNVD: CNNVD-201910-331

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8772	Trust: 2.6
db:	JVN	id:	JVNVU99404393	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-012754	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-331	Trust: 0.7
db:	PACKETSTORM	id:	154768	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3758	Trust: 0.6
db:	VULHUB	id:	VHN-160207	Trust: 0.1

sources: VULHUB: VHN-160207 // JVNDB: JVNDB-2019-012754 // PACKETSTORM: 154768 // CNNVD: CNNVD-201910-331 // NVD: CVE-2019-8772

REFERENCES

url:	https://support.apple.com/kb/ht210722	Trust: 1.7
url:	https://support.apple.com/ht210634	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8772	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8758	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8730	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8768	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8769	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8701	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8745	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8770	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8705	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8748	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8755	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8781	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8717	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8757	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8701	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8745	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8770	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8705	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8748	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8772	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8707	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8755	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8781	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8717	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8757	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8719	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8758	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8726	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8763	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8730	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8768	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8625	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8733	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8769	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99404393/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8719	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8726	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8763	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8733	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8625	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8707	Trust: 0.8
url:	https://support.apple.com/en-il/ht210634	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3758/	Trust: 0.6
url:	https://packetstormsecurity.com/files/154768/apple-security-advisory-2019-10-07-1.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht210722	Trust: 0.6
url:	https://support.apple.com/en-us/ht210634	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11042	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11041	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1

sources: VULHUB: VHN-160207 // JVNDB: JVNDB-2019-012754 // PACKETSTORM: 154768 // CNNVD: CNNVD-201910-331 // NVD: CVE-2019-8772

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 154768 // CNNVD: CNNVD-201910-331

SOURCES

db:	VULHUB	id:	VHN-160207
db:	JVNDB	id:	JVNDB-2019-012754
db:	PACKETSTORM	id:	154768
db:	CNNVD	id:	CNNVD-201910-331
db:	NVD	id:	CVE-2019-8772

LAST UPDATE DATE

2024-08-14T12:45:42.470000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160207	date:	2020-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-012754	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201910-331	date:	2022-01-04T00:00:00
db:	NVD	id:	CVE-2019-8772	date:	2022-01-01T20:08:23.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160207	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-012754	date:	2019-12-12T00:00:00
db:	PACKETSTORM	id:	154768	date:	2019-10-08T19:59:26
db:	CNNVD	id:	CNNVD-201910-331	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2019-8772	date:	2019-12-18T18:15:40.147