Details of VAR-201906-1114

ID

VAR-201906-1114

CVE

CVE-2018-19860

TITLE

Broadcom BCM4335C0 and BCM43438A1 Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-015613

DESCRIPTION

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. Broadcom BCM4335C0 and BCM43438A1 Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to a remote code execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of a privileged process. Failed exploits may result in denial-of-service conditions. This issue is being tracked by Android Bug ID A-122249979. Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance (OHA). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra address the following: AppleGraphicsControl Available for: macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8693: Arash Tohidi of Solita autofs Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share. CVE-2019-8656: Filippo Cavallarin Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-19860 Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Carbon Core Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8661: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero Disk Management Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative FaceTime Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Found in Apps Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks. CVE-2019-8663: Natalie Silvanovich of Google Project Zero Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Grapher Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8695: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Graphics Drivers Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8691: Aleksandr Tarasikov (@astarasikov), Arash Tohidi of Solita, Lilang Wu and Moony Li of Trend Micro's Mobile Security Research Team working with Trend Micro's Zero Day Initiative CVE-2019-8692: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst IOAcceleratorFamily Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8694: Arash Tohidi of Solita libxslt Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Quick Look Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative Siri Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Time Machine Available for: macOS Mojave 10.14.5 Impact: The encryption status of a Time Machine backup may be incorrect Description: An inconsistent user interface issue was addressed with improved state management. CVE-2019-8667: Roland Kletzing of cyber:con GmbH UIFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Additional recognition Classroom We would like to acknowledge Jeff Johnson of underpassapp.com for their assistance. Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. Installation note: macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Hiog/+ PcWPEhxDpnU1ctoVPhyoqkV1tUs8z3hdNyX/tPtQZIQVFB7No1Md0GX8Zrv2libb LwrbU25ewe82XE9Es6ngxTdkRaREn8+hm9gxYPCMDXyKRlv904Q1b4zthYUt7/NO 7RG6ZRHEINOQORzrDsmgT/X6TukIy73HNob+4xZJTdJe9ZU3/zDCaqUgyUJSodou vsVFR3oqkwbVby4eT9+YbxJWMvVoFfB1+Qqo1w9kN7WXcYK3gb7sGtnNQlrE70kR pLRogcmwTQsi+sTm8bxQsuXXjdtTHeeCf0FRJg8NY5wZmdV9lNOghtmNxfTwIuir VeWusIgZWaK7IbgHW3PRYv3Sbrk40zcOraDsPv2rdgjOj4ReVyKHw5/f5Fyhcn+v WnIC4iNIBurz0HZU91QqD58Sqp+HtWl8xkM3ZW+Kd9LjnLty3fNw6Au5Aw8DTHzN 5F+lz7JRVV3+j7AYELog3WV6mdzMKW85gJRJtwXJ8hHSYZnvat06faFlPcDiKjBW rW7BehRykZpmZtaSZjL25IeOuXJHHdRfvabuTZ3nk47SSn7EJJ3xFBnvw6TgVFX+ TvmcUg5FinTSR81NkIY0ux6x1kuV/4vIUGZ4O0Houf/FoUhMQvig9ZkSw2B+Ynbd Xl3qBT4SVPWQyFAvjHwjCZA+GpNsnEKgZm8SlYVgqog= =tCwo -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2018-19860 // JVNDB: JVNDB-2018-015613 // BID: 108277 // VULHUB: VHN-130562 // PACKETSTORM: 153723 // PACKETSTORM: 154054

AFFECTED PRODUCTS

vendor:	cypress	model:	cyw20733a2kml1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a2kfb1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20706ua1kffb4g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20707va2pkwbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	broadcom	model:	bcm43438a1	scope:	eq	version:	2014-06-02	Trust: 1.0
vendor:	cypress	model:	cyw4343w1kubgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20704ua1kffb1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20705a1kwfbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20702b0kwfbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw4343wkwbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a1kml2gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a1kmlg	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20705b0kwfbg	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a2kml1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20734ua1kffb3g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a3kfb1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20734ua2kffb3g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20704ua2kffb1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20704ua2kffb1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20707va1pkwbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw89335l2cubgt	scope:	eq	version:	-	Trust: 1.0
vendor:	broadcom	model:	bcm4335c0	scope:	eq	version:	2012-12-11	Trust: 1.0
vendor:	cypress	model:	cyw20702a1kwfbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20704ua1kffb1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20707ua2kffb4gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20703ua1kffb1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20707ua1kffb4g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20707a2kubgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a3kfb1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20706ua1kffb1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a2kfbg	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw4354xkubgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a1kmlgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a3kml1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20702b0kwfbg	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw89072brfb5gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a2kfbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a1kml2g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a1kfbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a2kml2g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw89071a1cubxgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw89335lcubgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20707ua2kffb4g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a1kfb1gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a1kfbg	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20707ua1kffb4gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a3kml1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20702a1kwfbg	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20703ua1kffb1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw4354kkwbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20730a2kml2gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a3kfb2gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20733a2kfb1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20706ua1kffb1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20705b0kwfbgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20707ua1kffb1g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20734ua2kffb3gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20706ua2kffb4gt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw43438kubgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw89072brfb5g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20706ua2kffb4g	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw4343wkubgt	scope:	eq	version:	-	Trust: 1.0
vendor:	cypress	model:	cyw20734ua1kffb3gt	scope:	eq	version:	-	Trust: 1.0
vendor:	broadcom	model:	bcm43438a1	scope:	-	version:	-	Trust: 0.8
vendor:	broadcom	model:	bcm4355c0	scope:	-	version:	-	Trust: 0.8
vendor:	cypress	model:	cyw20702a1kwfbg	scope:	-	version:	-	Trust: 0.8
vendor:	cypress	model:	cyw20702a1kwfbgt	scope:	-	version:	-	Trust: 0.8
vendor:	cypress	model:	cyw20702b0kwfbg	scope:	-	version:	-	Trust: 0.8
vendor:	cypress	model:	cyw20702b0kwfbgt	scope:	-	version:	-	Trust: 0.8
vendor:	cypress	model:	cyw20703ua1kffb1g	scope:	-	version:	-	Trust: 0.8
vendor:	cypress	model:	cyw20703ua1kffb1gt	scope:	-	version:	-	Trust: 0.8
vendor:	cypress	model:	cyw20704ua1kffb1g	scope:	-	version:	-	Trust: 0.8
vendor:	cypress	model:	cyw20704ua1kffb1gt	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 108277 // JVNDB: JVNDB-2018-015613 // NVD: CVE-2018-19860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19860
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19860
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-176
value:	HIGH
Trust: 0.6
VULHUB:	VHN-130562
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-19860
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-130562
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19860
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-130562 // JVNDB: JVNDB-2018-015613 // CNNVD: CNNVD-201905-176 // NVD: CVE-2018-19860

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-130562 // JVNDB: JVNDB-2018-015613 // NVD: CVE-2018-19860

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-176

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-176

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015613

PATCH

title:	Product Security Center	url:	https://www.broadcom.com/support/resources/product-security-center	Trust: 0.8
title:	Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92320	Trust: 0.6

sources: JVNDB: JVNDB-2018-015613 // CNNVD: CNNVD-201905-176

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19860	Trust: 3.0
db:	BID	id:	108277	Trust: 1.0
db:	JVNDB	id:	JVNDB-2018-015613	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-176	Trust: 0.7
db:	PACKETSTORM	id:	153723	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2743	Trust: 0.6
db:	VULHUB	id:	VHN-130562	Trust: 0.1
db:	PACKETSTORM	id:	154054	Trust: 0.1

sources: VULHUB: VHN-130562 // BID: 108277 // JVNDB: JVNDB-2018-015613 // PACKETSTORM: 153723 // PACKETSTORM: 154054 // CNNVD: CNNVD-201905-176 // NVD: CVE-2018-19860

REFERENCES

url:	https://source.android.com/security/bulletin/2019-05-01	Trust: 2.8
url:	https://seclists.org/bugtraq/2019/aug/21	Trust: 1.7
url:	https://support.apple.com/kb/ht210348	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2019/jul/22	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2019/aug/11	Trust: 1.7
url:	https://www.broadcom.com/support/resources/product-security-center	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19860	Trust: 1.6
url:	http://www.android.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19860	Trust: 0.8
url:	https://support.apple.com/en-au/ht210348	Trust: 0.6
url:	https://packetstormsecurity.com/files/153723/apple-security-advisory-2019-7-22-2.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-may-2019-29239	Trust: 0.6
url:	https://www.securityfocus.com/bid/108277	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-29859	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2743/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210348	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8691	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16860	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8695	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8692	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8646	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8694	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13118	Trust: 0.2
url:	https://support.apple.com/downloads/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8693	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8663	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8656	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8648	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8641	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8660	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8657	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8667	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8697	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8662	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8661	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/>	Trust: 0.1
url:	https://support.apple.com/downloads/>	Trust: 0.1
url:	https://support.apple.com/kb/ht201222>	Trust: 0.1
url:	http://underpassapp.com/>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8670	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9506	Trust: 0.1

sources: VULHUB: VHN-130562 // BID: 108277 // JVNDB: JVNDB-2018-015613 // PACKETSTORM: 153723 // PACKETSTORM: 154054 // CNNVD: CNNVD-201905-176 // NVD: CVE-2018-19860

CREDITS

Apple

Trust: 0.8

sources: PACKETSTORM: 153723 // PACKETSTORM: 154054 // CNNVD: CNNVD-201905-176

SOURCES

db:	VULHUB	id:	VHN-130562
db:	BID	id:	108277
db:	JVNDB	id:	JVNDB-2018-015613
db:	PACKETSTORM	id:	153723
db:	PACKETSTORM	id:	154054
db:	CNNVD	id:	CNNVD-201905-176
db:	NVD	id:	CVE-2018-19860

LAST UPDATE DATE

2024-11-23T19:48:35.638000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-130562	date:	2020-08-24T00:00:00
db:	BID	id:	108277	date:	2019-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-015613	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201905-176	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2018-19860	date:	2024-11-21T03:58:42.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-130562	date:	2019-06-07T00:00:00
db:	BID	id:	108277	date:	2019-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-015613	date:	2019-06-20T00:00:00
db:	PACKETSTORM	id:	153723	date:	2019-07-23T18:02:22
db:	PACKETSTORM	id:	154054	date:	2019-08-14T18:32:22
db:	CNNVD	id:	CNNVD-201905-176	date:	2019-05-07T00:00:00
db:	NVD	id:	CVE-2018-19860	date:	2019-06-07T17:29:00.740