CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-4321
https://notcve.org/view.php?id=CVE-2018-4321
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12. Existía un problema de validación en la verificación de autorización. Este problema se abordó con una validación mejorada de la autorización de procesos. • https://support.apple.com/kb/HT209106 https://support.apple.com/kb/HT209107 https://support.apple.com/kb/HT209139 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-4336
https://notcve.org/view.php?id=CVE-2018-4336
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Un problema de corrupción de memoria se abordó con una gestión de memoria mejorada. Este problema afectaba a iOS en versiones anteriores a la 12, macOS Mojave en versiones anteriores a la 10.14, tvOS en versiones anteriores a la 12, watchOS en versiones anteriores a la 5. • https://support.apple.com/kb/HT209106 https://support.apple.com/kb/HT209107 https://support.apple.com/kb/HT209108 https://support.apple.com/kb/HT209139 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4338 – Apple macOS AirPort BrcmNIC Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-4338
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. Un problema de validación se abordó con un saneamiento de entradas mejorado. Este problema afectaba a macOS Mojave en versiones anteriores a la 10.14. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. • https://support.apple.com/kb/HT209139 • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5383 – Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo. A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. • http://www.cs.technion.ac.il/~biham/BT http://www.securityfocus.com/bid/104879 http://www.securitytracker.com/id/1041432 https://access.redhat.com/errata/RHSA-2019:2169 https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4095-1 https://usn.ubuntu.com/4095-2 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4351-1 https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig- • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4182
https://notcve.org/view.php?id=CVE-2018-4182
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox en CUPS. • https://access.redhat.com/security/cve/cve-2018-4182 https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://www.debian.org/security/2018/dsa-4243 •