Vulnerability-Lookup

alsa-2020:4451

Vulnerability from osv_almalinux

Published

2020-11-03 12:05

Modified

2021-11-12 10:20

Summary

Moderate: GNOME security, bug fix, and enhancement update

Details

GNOME is the default desktop environment of AlmaLinux.

The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)

Security Fix(es):

webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)
gnome-settings-daemon: AlmaLinux Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)
LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-4451.html	ADVISORY
	https://vulners.com/cve/CVE-2019-8625	REPORT
	https://vulners.com/cve/CVE-2019-8710	REPORT
	https://vulners.com/cve/CVE-2019-8720	REPORT
	https://vulners.com/cve/CVE-2019-8743	REPORT
	https://vulners.com/cve/CVE-2019-8764	REPORT
	https://vulners.com/cve/CVE-2019-8766	REPORT
	https://vulners.com/cve/CVE-2019-8769	REPORT
	https://vulners.com/cve/CVE-2019-8771	REPORT
	https://vulners.com/cve/CVE-2019-8782	REPORT
	https://vulners.com/cve/CVE-2019-8783	REPORT
	https://vulners.com/cve/CVE-2019-8808	REPORT
	https://vulners.com/cve/CVE-2019-8811	REPORT
	https://vulners.com/cve/CVE-2019-8812	REPORT
	https://vulners.com/cve/CVE-2019-8813	REPORT
	https://vulners.com/cve/CVE-2019-8814	REPORT
	https://vulners.com/cve/CVE-2019-8815	REPORT
	https://vulners.com/cve/CVE-2019-8816	REPORT
	https://vulners.com/cve/CVE-2019-8819	REPORT
	https://vulners.com/cve/CVE-2019-8820	REPORT
	https://vulners.com/cve/CVE-2019-8823	REPORT
	https://vulners.com/cve/CVE-2019-8835	REPORT
	https://vulners.com/cve/CVE-2019-8844	REPORT
	https://vulners.com/cve/CVE-2019-8846	REPORT
	https://vulners.com/cve/CVE-2020-10018	REPORT
	https://vulners.com/cve/CVE-2020-11793	REPORT
	https://vulners.com/cve/CVE-2020-14391	REPORT
	https://vulners.com/cve/CVE-2020-15503	REPORT
	https://vulners.com/cve/CVE-2020-3862	REPORT
	https://vulners.com/cve/CVE-2020-3864	REPORT
	https://vulners.com/cve/CVE-2020-3865	REPORT
	https://vulners.com/cve/CVE-2020-3867	REPORT
	https://vulners.com/cve/CVE-2020-3868	REPORT
	https://vulners.com/cve/CVE-2020-3885	REPORT
	https://vulners.com/cve/CVE-2020-3894	REPORT
	https://vulners.com/cve/CVE-2020-3895	REPORT
	https://vulners.com/cve/CVE-2020-3897	REPORT
	https://vulners.com/cve/CVE-2020-3899	REPORT
	https://vulners.com/cve/CVE-2020-3900	REPORT
	https://vulners.com/cve/CVE-2020-3901	REPORT
	https://vulners.com/cve/CVE-2020-3902	REPORT
	https://vulners.com/cve/CVE-2020-9802	REPORT
	https://vulners.com/cve/CVE-2020-9803	REPORT
	https://vulners.com/cve/CVE-2020-9805	REPORT
	https://vulners.com/cve/CVE-2020-9806	REPORT
	https://vulners.com/cve/CVE-2020-9807	REPORT
	https://vulners.com/cve/CVE-2020-9843	REPORT
	https://vulners.com/cve/CVE-2020-9850	REPORT
	https://vulners.com/cve/CVE-2020-9862	REPORT
	https://vulners.com/cve/CVE-2020-9893	REPORT
	https://vulners.com/cve/CVE-2020-9894	REPORT
	https://vulners.com/cve/CVE-2020-9895	REPORT
	https://vulners.com/cve/CVE-2020-9915	REPORT
	https://vulners.com/cve/CVE-2020-9925	REPORT
	https://vulners.com/cve/CVE-2020-9952	REPORT
	https://vulners.com/cve/CVE-2021-30666	REPORT
	https://vulners.com/cve/CVE-2021-30761	REPORT
	https://vulners.com/cve/CVE-2021-30762	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "LibRaw-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.19.5-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-command-not-found"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-cron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-glib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-glib-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-gstreamer-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-gtk3-module"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dleyna-renderer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "frei0r-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-7.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "frei0r-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-7.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "frei0r-plugins-opencv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-7.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-remote-desktop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.8-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gtk-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.28-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gvfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.36.2-10.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libsoup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.62.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libsoup-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.62.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mutter-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.2-48.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nautilus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.1-14.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nautilus-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.1-14.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire0.2-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.7-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire0.2-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.7-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "potrace"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pygobject3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-gobject"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-gobject-base"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tracker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.5-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tracker-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.5-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "vte-profile"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.4-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "vte291"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.4-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "vte291-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.4-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webrtc-audio-processing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3-9.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "xdg-desktop-portal-gtk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.0-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "GNOME is the default desktop environment of AlmaLinux.\n\nThe following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)\n\n* gnome-settings-daemon: AlmaLinux Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)\n\n* LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2020:4451",
  "modified": "2021-11-12T10:20:56Z",
  "published": "2020-11-03T12:05:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-4451.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8625"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8710"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8720"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8743"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8764"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8766"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8769"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8771"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8782"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8783"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8808"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8811"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8812"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8813"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8814"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8815"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8816"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8819"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8820"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8823"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8835"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8844"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8846"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-10018"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11793"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14391"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-15503"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3862"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3864"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3865"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3867"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3868"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3885"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3894"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3895"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3897"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3899"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3900"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3901"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3902"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9802"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9803"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9805"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9806"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9807"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9843"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9850"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9862"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9893"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9894"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9895"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9915"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9925"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9952"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30666"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30761"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30762"
    }
  ],
  "related": [
    "CVE-2019-8625",
    "CVE-2019-8710",
    "CVE-2019-8720",
    "CVE-2019-8743",
    "CVE-2019-8764",
    "CVE-2019-8766",
    "CVE-2019-8769",
    "CVE-2019-8771",
    "CVE-2019-8782",
    "CVE-2019-8783",
    "CVE-2019-8808",
    "CVE-2019-8811",
    "CVE-2019-8812",
    "CVE-2019-8813",
    "CVE-2019-8814",
    "CVE-2019-8815",
    "CVE-2019-8816",
    "CVE-2019-8819",
    "CVE-2019-8820",
    "CVE-2019-8823",
    "CVE-2019-8835",
    "CVE-2019-8844",
    "CVE-2019-8846",
    "CVE-2020-3862",
    "CVE-2020-3864",
    "CVE-2020-3865",
    "CVE-2020-3867",
    "CVE-2020-3868",
    "CVE-2020-3885",
    "CVE-2020-3894",
    "CVE-2020-3895",
    "CVE-2020-3897",
    "CVE-2020-3899",
    "CVE-2020-3900",
    "CVE-2020-3901",
    "CVE-2020-3902",
    "CVE-2020-9802",
    "CVE-2020-9803",
    "CVE-2020-9805",
    "CVE-2020-9806",
    "CVE-2020-9807",
    "CVE-2020-9843",
    "CVE-2020-9850",
    "CVE-2020-9862",
    "CVE-2020-9893",
    "CVE-2020-9894",
    "CVE-2020-9895",
    "CVE-2020-9915",
    "CVE-2020-9925",
    "CVE-2020-10018",
    "CVE-2020-11793",
    "CVE-2020-14391",
    "CVE-2020-15503"
  ],
  "summary": "Moderate: GNOME security, bug fix, and enhancement update"
}

CVE-2019-8625 (GCVE-0-2019-8625)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24

Summary

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to universal cross site scripting

Assigner

apple

References

4 references

URL	Tags
https://support.apple.com/HT210635	x_refsource_MISC
https://support.apple.com/HT210636	x_refsource_MISC
https://support.apple.com/HT210637	x_refsource_MISC
https://security.gentoo.org/glsa/202003-22	vendor-advisoryx_refsource_GENTOO

Impacted products

4 products

Vendor	Product	Version
Apple	tvOS	Affected: unspecified , < tvOS 13 (custom)
Apple	iTunes for Windows	Affected: unspecified , < iTunes for Windows 12.10.1 (custom)
Apple	iCloud for Windows	Affected: unspecified , < iCloud for Windows 10.7 (custom)
Apple	iCloud for Windows (Legacy)	Affected: unspecified , < iCloud for Windows 7.14 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:24:29.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210635"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210636"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210637"
          },
          {
            "name": "GLSA-202003-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iTunes for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iTunes for Windows 12.10.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 10.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows (Legacy)",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 7.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to universal cross site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T06:06:22.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210635"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210636"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210637"
        },
        {
          "name": "GLSA-202003-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 13"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iTunes for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iTunes for Windows 12.10.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 10.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows (Legacy)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 7.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to universal cross site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210635",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210635"
            },
            {
              "name": "https://support.apple.com/HT210636",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210636"
            },
            {
              "name": "https://support.apple.com/HT210637",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210637"
            },
            {
              "name": "GLSA-202003-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8625",
    "datePublished": "2019-12-18T17:33:19.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:24:29.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8710 (GCVE-0-2019-8710)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24

Summary

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/HT210727	x_refsource_MISC
https://security.gentoo.org/glsa/202003-22	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Apple	iCloud for Windows	Affected: unspecified , < iCloud for Windows 11.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:24:29.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210727"
          },
          {
            "name": "GLSA-202003-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 11.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T06:06:32.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210727"
        },
        {
          "name": "GLSA-202003-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8710",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 11.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210727",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210727"
            },
            {
              "name": "GLSA-202003-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8710",
    "datePublished": "2019-12-18T17:33:22.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:24:29.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8720 (GCVE-0-2019-8720)

Vulnerability from cvelistv5 – Published: 2023-03-06 00:00 – Updated: 2025-10-21 23:15

Summary

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-119

Assigner

redhat

References

2 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1876611
https://webkitgtk.org/security/WSA-2019-0005.html

Impacted products

1 product

Vendor	Product	Version
n/a	webkitgtk	Affected: Fixed in webkitgtk 2.26.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:24:29.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://webkitgtk.org/security/WSA-2019-0005.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-8720",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T21:22:50.417013Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-05-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:24.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-23T00:00:00.000Z",
            "value": "CVE-2019-8720 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "webkitgtk",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in webkitgtk 2.26.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-06T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
        },
        {
          "url": "https://webkitgtk.org/security/WSA-2019-0005.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-8720",
    "datePublished": "2023-03-06T00:00:00.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:24.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8743 (GCVE-0-2019-8743)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24

Summary

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/HT210724	x_refsource_MISC
https://security.gentoo.org/glsa/202003-22	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Apple	watchOS	Affected: unspecified , < watchOS 6.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:24:29.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210724"
          },
          {
            "name": "GLSA-202003-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "watchOS 6.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T06:06:16.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210724"
        },
        {
          "name": "GLSA-202003-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8743",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "watchOS 6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210724",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210724"
            },
            {
              "name": "GLSA-202003-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8743",
    "datePublished": "2019-12-18T17:33:21.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:24:29.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8764 (GCVE-0-2019-8764)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to universal cross site scripting

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/HT210724	x_refsource_MISC
https://security.gentoo.org/glsa/202003-22	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Apple	watchOS	Affected: unspecified , < watchOS 6.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:36.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210724"
          },
          {
            "name": "GLSA-202003-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "watchOS 6.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to universal cross site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T06:06:13.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210724"
        },
        {
          "name": "GLSA-202003-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8764",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "watchOS 6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to universal cross site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210724",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210724"
            },
            {
              "name": "GLSA-202003-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8764",
    "datePublished": "2019-12-18T17:33:22.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:31:36.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8766 (GCVE-0-2019-8766)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

3 references

URL	Tags
https://support.apple.com/HT210724	x_refsource_MISC
https://support.apple.com/HT210727	x_refsource_MISC
https://security.gentoo.org/glsa/202003-22	vendor-advisoryx_refsource_GENTOO

Impacted products

2 products

Vendor	Product	Version
Apple	watchOS	Affected: unspecified , < watchOS 6.1 (custom)
Apple	iCloud for Windows	Affected: unspecified , < iCloud for Windows 11.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:36.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210724"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210727"
          },
          {
            "name": "GLSA-202003-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "watchOS 6.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 11.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T06:06:07.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210724"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210727"
        },
        {
          "name": "GLSA-202003-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8766",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "watchOS 6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 11.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210724",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210724"
            },
            {
              "name": "https://support.apple.com/HT210727",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210727"
            },
            {
              "name": "GLSA-202003-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8766",
    "datePublished": "2019-12-18T17:33:23.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:31:36.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8769 (GCVE-0-2019-8769)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.

Severity ?

No CVSS data available.

CWE

Visiting a maliciously crafted website may reveal browsing history

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/HT210634	x_refsource_MISC
https://security.gentoo.org/glsa/202003-22	vendor-advisoryx_refsource_GENTOO

Impacted products

2 products

Vendor	Product	Version
Apple	iOS	Affected: unspecified , < iOS 13.1 and iPadOS 13.1 (custom)
Apple	macOS	Affected: unspecified , < macOS Catalina 10.15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:36.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210634"
          },
          {
            "name": "GLSA-202003-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.1 and iPadOS 13.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "macOS Catalina 10.15",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Visiting a maliciously crafted website may reveal browsing history",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T06:06:24.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210634"
        },
        {
          "name": "GLSA-202003-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8769",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.1 and iPadOS 13.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "macOS Catalina 10.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Visiting a maliciously crafted website may reveal browsing history"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210634",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210634"
            },
            {
              "name": "GLSA-202003-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8769",
    "datePublished": "2019-12-18T17:33:22.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:31:36.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8771 (GCVE-0-2019-8771)

Vulnerability from cvelistv5 – Published: 2020-10-27 19:47 – Updated: 2024-08-04 21:31

Summary

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.

Severity ?

No CVSS data available.

CWE

Maliciously crafted web content may violate iframe sandboxing policy

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/en-us/HT210606	x_refsource_MISC
https://support.apple.com/en-us/HT210605	x_refsource_MISC

Impacted products

2 products

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 13.0 (custom)
Apple	iOS	Affected: unspecified , < 13 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT210606"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT210605"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Maliciously crafted web content may violate iframe sandboxing policy",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-27T19:47:19.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT210606"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT210605"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8771",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "13.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Maliciously crafted web content may violate iframe sandboxing policy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT210606",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT210606"
            },
            {
              "name": "https://support.apple.com/en-us/HT210605",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT210605"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8771",
    "datePublished": "2020-10-27T19:47:19.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:31:37.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8782 (GCVE-0-2019-8782)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

6 references

URL	Tags
https://support.apple.com/HT210727	x_refsource_MISC
https://support.apple.com/HT210721	x_refsource_MISC
https://support.apple.com/HT210726	x_refsource_MISC
https://support.apple.com/HT210723	x_refsource_MISC
https://support.apple.com/HT210725	x_refsource_MISC
https://security.gentoo.org/glsa/202003-22	vendor-advisoryx_refsource_GENTOO

Impacted products

5 products

Vendor	Product	Version
Apple	iOS	Affected: unspecified , < iOS 13.2 and iPadOS 13.2 (custom)
Apple	tvOS	Affected: unspecified , < tvOS 13.2 (custom)
Apple	Safari	Affected: unspecified , < Safari 13.0.3 (custom)
Apple	iTunes for Windows	Affected: unspecified , < iTunes for Windows 12.10.2 (custom)
Apple	iCloud for Windows	Affected: unspecified , < iCloud for Windows 11.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210727"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210721"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210726"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210723"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210725"
          },
          {
            "name": "GLSA-202003-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.2 and iPadOS 13.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 13.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "Safari 13.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iTunes for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iTunes for Windows 12.10.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 11.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T06:06:29.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210727"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210721"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210726"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210723"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210725"
        },
        {
          "name": "GLSA-202003-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8782",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.2 and iPadOS 13.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 13.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "Safari 13.0.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iTunes for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iTunes for Windows 12.10.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 11.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210727",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210727"
            },
            {
              "name": "https://support.apple.com/HT210721",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210721"
            },
            {
              "name": "https://support.apple.com/HT210726",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210726"
            },
            {
              "name": "https://support.apple.com/HT210723",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210723"
            },
            {
              "name": "https://support.apple.com/HT210725",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210725"
            },
            {
              "name": "GLSA-202003-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8782",
    "datePublished": "2019-12-18T17:33:23.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:31:37.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8783 (GCVE-0-2019-8783)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

7 references

URL	Tags
https://support.apple.com/HT210727	x_refsource_MISC
https://support.apple.com/HT210721	x_refsource_MISC
https://support.apple.com/HT210726	x_refsource_MISC
https://support.apple.com/HT210723	x_refsource_MISC
https://support.apple.com/HT210728	x_refsource_MISC
https://support.apple.com/HT210725	x_refsource_MISC
https://security.gentoo.org/glsa/202003-22	vendor-advisoryx_refsource_GENTOO

Impacted products

6 products

Vendor	Product	Version
Apple	iOS	Affected: unspecified , < iOS 13.2 and iPadOS 13.2 (custom)
Apple	tvOS	Affected: unspecified , < tvOS 13.2 (custom)
Apple	Safari	Affected: unspecified , < Safari 13.0.3 (custom)
Apple	iTunes for Windows	Affected: unspecified , < iTunes for Windows 12.10.2 (custom)
Apple	iCloud for Windows	Affected: unspecified , < iCloud for Windows 11.0 (custom)
Apple	iCloud for Windows (Legacy)	Affected: unspecified , < iCloud for Windows 7.15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210727"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210721"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210726"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210723"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210728"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210725"
          },
          {
            "name": "GLSA-202003-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.2 and iPadOS 13.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 13.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "Safari 13.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iTunes for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iTunes for Windows 12.10.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 11.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows (Legacy)",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 7.15",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T06:06:25.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210727"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210721"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210726"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210723"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210728"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210725"
        },
        {
          "name": "GLSA-202003-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8783",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.2 and iPadOS 13.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 13.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "Safari 13.0.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iTunes for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iTunes for Windows 12.10.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 11.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows (Legacy)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 7.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210727",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210727"
            },
            {
              "name": "https://support.apple.com/HT210721",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210721"
            },
            {
              "name": "https://support.apple.com/HT210726",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210726"
            },
            {
              "name": "https://support.apple.com/HT210723",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210723"
            },
            {
              "name": "https://support.apple.com/HT210728",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210728"
            },
            {
              "name": "https://support.apple.com/HT210725",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210725"
            },
            {
              "name": "GLSA-202003-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8783",
    "datePublished": "2019-12-18T17:33:24.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:31:37.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2020:4451

Vulnerability from osv_almalinux

CVE-2019-8625 (GCVE-0-2019-8625)

CVE-2019-8710 (GCVE-0-2019-8710)

CVE-2019-8720 (GCVE-0-2019-8720)

CVE-2019-8743 (GCVE-0-2019-8743)

CVE-2019-8764 (GCVE-0-2019-8764)

CVE-2019-8766 (GCVE-0-2019-8766)

CVE-2019-8769 (GCVE-0-2019-8769)

CVE-2019-8771 (GCVE-0-2019-8771)

CVE-2019-8782 (GCVE-0-2019-8782)

CVE-2019-8783 (GCVE-0-2019-8783)

Tags

Sightings

Nomenclature