Vulnerability-Lookup

CVE-2019-8761 (GCVE-0-2019-8761)

Vulnerability from cvelistv5 – Published: 2020-10-27 19:49 – Updated: 2024-08-04 21:31

Summary

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.

Severity ?

No CVSS data available.

CWE

Parsing a maliciously crafted text file may lead to disclosure of user information

Assigner

apple

References

URL

FKIE_CVE-2019-8761

Vulnerability from fkie_nvd - Published: 2020-10-27 20:15 - Updated: 2024-11-21 04:50

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT210634	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT210722	Vendor Advisory
product-security@apple.com	https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210634	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210722	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28B89FF-E2E1-498A-AF43-C8DE5DA352CD",
              "versionEndExcluding": "10.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information."
    },
    {
      "lang": "es",
      "value": "Este problema se corrigi\u00f3 con comprobaciones mejoradas.\u0026#xa0;Este problema se corrigi\u00f3 en macOS Catalina versi\u00f3n 10.15.1, Security Update 2019-001 y Security Update 2019-006, macOS Catalina versi\u00f3n 10.15.\u0026#xa0;Analizar un archivo de texto dise\u00f1ado maliciosamente puede conllevar a una divulgaci\u00f3n de informaci\u00f3n del usuario"
    }
  ],
  "id": "CVE-2019-8761",
  "lastModified": "2024-11-21T04:50:25.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-27T20:15:19.017",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210634"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210722"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-44541

Vulnerability from cnvd - Published: 2019-12-10

Title

Apple macOS Catalina信息泄露漏洞

Description

Apple macOS Catalina是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。UIFoundation是其中的一个UI框架组件。 Apple macOS Catalina 10.15.1之前版本中的UIFoundation组件存在安全漏洞。攻击者可借助恶意制作的文本文件利用该漏洞泄露用户信息。

Severity

中

Patch Name

Apple macOS Catalina信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT210722

Reference

https://packetstormsecurity.com/files/155067/Apple-Security-Advisory-2019-10-29-2.html https://vigilance.fr/vulnerability/Apple-macOS-multiple-vulnerabilities-30747

Impacted products

Name
Apple macOS Catalina <10.15.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8761"
    }
  },
  "description": "Apple macOS Catalina\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002UIFoundation\u662f\u5176\u4e2d\u7684\u4e00\u4e2aUI\u6846\u67b6\u7ec4\u4ef6\u3002\n\nApple macOS Catalina 10.15.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684UIFoundation\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u5236\u4f5c\u7684\u6587\u672c\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u7528\u6237\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT210722",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-44541",
  "openTime": "2019-12-10",
  "patchDescription": "Apple macOS Catalina\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002UIFoundation\u662f\u5176\u4e2d\u7684\u4e00\u4e2aUI\u6846\u67b6\u7ec4\u4ef6\u3002\r\n\r\nApple macOS Catalina 10.15.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684UIFoundation\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u5236\u4f5c\u7684\u6587\u672c\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u7528\u6237\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Catalina\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple macOS Catalina \u003c10.15.1"
  },
  "referenceLink": "https://packetstormsecurity.com/files/155067/Apple-Security-Advisory-2019-10-29-2.html\r\nhttps://vigilance.fr/vulnerability/Apple-macOS-multiple-vulnerabilities-30747",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-05",
  "title": "Apple macOS Catalina\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CERTFR-2019-AVI-539

Vulnerability from certfr_avis - Published: 2019-10-30 - Updated: 2019-10-31

De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une exécution de code arbitraire à distance, un déni de service ou un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 6.1
Apple	N/A	tvOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 10 versions antérieures à 11.0
Apple	Safari	Safari versions antérieures à 13.0.3
Apple	N/A	iOS versions antérieures à 13.2
Apple	N/A	iPadOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 7 versions antérieures à 7.15
Apple	N/A	iTunes versions antérieures à 12.10.2
Apple	macOS	macOS Catalina versions antérieures à 10.15.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 28, 29 et 30 octobre 2019	None	vendor-advisory
Bulletin de sécurité Apple MacOS du 29 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 11.0 du 30 octobre 2019	-	other
Bulletin de sécurité iOS et iPadOS du 28 octobre 2019	-	other
Bulletin de sécurité Apple tvOS du 28 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 7.15 du 30 octobre 2019	-	other
Bulletin de sécurité Safari du 28 octobre 2019	-	other
Bulletin de sécurité iTunes du 30 octobre 2019	-	other
Bulletin de sécurité Apple WatchOS du 29 octobre 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 7 versions ant\u00e9rieures \u00e0 7.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8788"
    },
    {
      "name": "CVE-2019-8764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8764"
    },
    {
      "name": "CVE-2019-8793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8793"
    },
    {
      "name": "CVE-2019-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8715"
    },
    {
      "name": "CVE-2019-8747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8747"
    },
    {
      "name": "CVE-2018-12153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12153"
    },
    {
      "name": "CVE-2019-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8767"
    },
    {
      "name": "CVE-2019-8813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8813"
    },
    {
      "name": "CVE-2019-8736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8736"
    },
    {
      "name": "CVE-2019-8756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8756"
    },
    {
      "name": "CVE-2019-8808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8808"
    },
    {
      "name": "CVE-2019-8815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8815"
    },
    {
      "name": "CVE-2019-8807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8807"
    },
    {
      "name": "CVE-2019-8765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8765"
    },
    {
      "name": "CVE-2019-8710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8710"
    },
    {
      "name": "CVE-2019-8509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8509"
    },
    {
      "name": "CVE-2017-7152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7152"
    },
    {
      "name": "CVE-2019-8794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8794"
    },
    {
      "name": "CVE-2019-8804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8804"
    },
    {
      "name": "CVE-2019-8706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8706"
    },
    {
      "name": "CVE-2019-8785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8785"
    },
    {
      "name": "CVE-2019-8708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8708"
    },
    {
      "name": "CVE-2019-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8743"
    },
    {
      "name": "CVE-2019-8749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8749"
    },
    {
      "name": "CVE-2019-8775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8775"
    },
    {
      "name": "CVE-2019-8716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8716"
    },
    {
      "name": "CVE-2019-8812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8812"
    },
    {
      "name": "CVE-2019-8802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8802"
    },
    {
      "name": "CVE-2019-8784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8784"
    },
    {
      "name": "CVE-2019-8737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8737"
    },
    {
      "name": "CVE-2019-8821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8821"
    },
    {
      "name": "CVE-2019-8820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8820"
    },
    {
      "name": "CVE-2019-8795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8795"
    },
    {
      "name": "CVE-2019-8766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8766"
    },
    {
      "name": "CVE-2019-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8816"
    },
    {
      "name": "CVE-2019-8819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8819"
    },
    {
      "name": "CVE-2019-8789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8789"
    },
    {
      "name": "CVE-2019-8759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8759"
    },
    {
      "name": "CVE-2019-8744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8744"
    },
    {
      "name": "CVE-2019-8822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8822"
    },
    {
      "name": "CVE-2019-8801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8801"
    },
    {
      "name": "CVE-2019-8803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8803"
    },
    {
      "name": "CVE-2019-8783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8783"
    },
    {
      "name": "CVE-2019-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8805"
    },
    {
      "name": "CVE-2019-8750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8750"
    },
    {
      "name": "CVE-2018-12152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
    },
    {
      "name": "CVE-2019-8786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8786"
    },
    {
      "name": "CVE-2019-8787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8787"
    },
    {
      "name": "CVE-2019-8823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8823"
    },
    {
      "name": "CVE-2019-8798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8798"
    },
    {
      "name": "CVE-2019-8817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8817"
    },
    {
      "name": "CVE-2019-8761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8761"
    },
    {
      "name": "CVE-2019-8814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8814"
    },
    {
      "name": "CVE-2019-8797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8797"
    },
    {
      "name": "CVE-2018-12154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
    },
    {
      "name": "CVE-2019-8811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8811"
    },
    {
      "name": "CVE-2019-8782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8782"
    }
  ],
  "initial_release_date": "2019-10-30T00:00:00",
  "last_revision_date": "2019-10-31T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple MacOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210722"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 11.0 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210727"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iOS et iPadOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210721"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple tvOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210723"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 7.15 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Safari du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210725"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iTunes du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210726"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple WatchOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210724"
    }
  ],
  "reference": "CERTFR-2019-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-30T00:00:00.000000"
    },
    {
      "description": "Rajout des avis pour Safari, iOS, iPadOS, tvOS, iTunes et iCloud",
      "revision_date": "2019-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une ex\u00e9cution de code arbitraire \u00e0\ndistance, un d\u00e9ni de service ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 28, 29 et 30 octobre 2019",
      "url": null
    }
  ]
}

GHSA-PQJH-MMH7-2G8C

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2024-07-08 12:31

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8761"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-27T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.",
  "id": "GHSA-pqjh-mmh7-2g8c",
  "modified": "2024-07-08T12:31:04Z",
  "published": "2022-05-24T17:32:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8761"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210634"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210722"
    },
    {
      "type": "WEB",
      "url": "https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-8761

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-8761

Aliases

CVE-2019-8761

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8761",
    "description": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.",
    "id": "GSD-2019-8761"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8761"
      ],
      "details": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.",
      "id": "GSD-2019-8761",
      "modified": "2023-12-13T01:23:48.497682Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8761",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "10.15"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "10.15"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Parsing a maliciously crafted text file may lead to disclosure of user information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT210634",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT210634"
          },
          {
            "name": "https://support.apple.com/en-us/HT210722",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT210722"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8761"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT210634",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT210634"
            },
            {
              "name": "https://support.apple.com/en-us/HT210722",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT210722"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-10-27T20:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8761 (GCVE-0-2019-8761)

FKIE_CVE-2019-8761

CNVD-2019-44541

CERTFR-2019-AVI-539

Solution

GHSA-PQJH-MMH7-2G8C

GSD-2019-8761

Tags

Sightings

Nomenclature