11042 Mac OS
- The remote host is running a version of macOS / Mac OS X that is prior to 10.15. But has instead relied only on the operating system's self., CVE-2019-11042.
- Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012.
11042 Mac Os X
The maximum version of Mac OS X, OS X, or macOS supported by each G3 and later Mac follows. For complete specs on a particular system, click the name of the Mac. For all Macs that are compatible with a specifc maximum supported version of Mac OS X - courtesy of EveryMac.com's Ultimate Mac Sort - click the OS of interest.
Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2019-11042 | First vendor Publication | 2019-08-09 |
| Vendor | Cve | Last vendor Modification | 2020-10-02 |
Security-Database Scoring CVSS v3
11042 Mac Os Catalina
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.1 | ||
| Base Score | 7.1 | Environmental Score | 7.1 |
| impact SubScore | 4.2 | Temporal Score | 7.1 |
| Exploitabality Sub Score | 2.8 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | Low |
| Integrity Impact | None | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.8 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-125 | Out-of-bounds Read |
Sources (Detail)
| Source | Url |
|---|---|
| BUGTRAQ | https://seclists.org/bugtraq/2019/Oct/9 https://seclists.org/bugtraq/2019/Sep/35 https://seclists.org/bugtraq/2019/Sep/38 |
| CONFIRM | https://bugs.php.net/bug.php?id=78256 https://security.netapp.com/advisory/ntap-20190822-0003/ https://support.apple.com/kb/HT210634 https://support.apple.com/kb/HT210722 |
| DEBIAN | https://www.debian.org/security/2019/dsa-4527 https://www.debian.org/security/2019/dsa-4529 |
| FULLDISC | http://seclists.org/fulldisclosure/2019/Oct/15 http://seclists.org/fulldisclosure/2019/Oct/55 |
| MLIST | https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:3299 |
| SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html |
| UBUNTU | https://usn.ubuntu.com/4097-1/ https://usn.ubuntu.com/4097-2/ |
Alert History
If you want to see full details history, please login or register.
| Date | Informations |
|---|---|
| 2021-04-22 02:37:41 |
|
| 2021-04-09 01:28:08 |
|
| 2021-04-08 01:27:59 |
|
| 2020-10-02 21:22:59 |
|
| 2020-05-23 02:21:24 |
|
| 2019-10-09 12:10:54 |
|
| 2019-10-09 01:11:09 |
|
| 2019-10-07 12:01:09 |
|
| 2019-09-25 01:10:38 |
|
| 2019-09-21 12:04:50 |
|
| 2019-08-22 13:19:39 |
|
| 2019-08-16 21:19:39 |
|
| 2019-08-14 05:18:56 |
|
| 2019-08-13 09:19:10 |
|
| 2019-08-12 05:19:35 |
|
| 2019-08-10 05:19:49 |
|