Page 124 of 2055 results (0.022 seconds)

CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo. A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. • http://www.cs.technion.ac.il/~biham/BT http://www.securityfocus.com/bid/104879 http://www.securitytracker.com/id/1041432 https://access.redhat.com/errata/RHSA-2019:2169 https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4095-1 https://usn.ubuntu.com/4095-2 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4351-1 https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig- • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox en CUPS. • https://access.redhat.com/security/cve/cve-2018-4182 https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://www.debian.org/security/2018/dsa-4243 •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox. • https://bugzilla.redhat.com/show_bug.cgi?id=1607284 https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://www.debian.org/security/2018/dsa-4243 •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, existía un problema en CUPS. Este problema se abordó mediante la mejora de las restricciones de acceso. It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://usn.ubuntu.com/3713-1 https://www.debian.org/security/2018/dsa-4243 https://access.redhat.com/security/cve/CVE-2018-4180 https://bugzilla.redhat.com/show_bug.cgi?id=1607282 • CWE-642: External Control of Critical State Data •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, existía un problema en CUPS. Este problema se abordó mediante la mejora de las restricciones de acceso. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://usn.ubuntu.com/3713-1 https://www.debian.org/security/2018/dsa-4243 https://access.redhat.com/security/cve/CVE-2018-4181 https://bugzilla.redhat.com/show_bug.cgi?id=1607291 • CWE-266: Incorrect Privilege Assignment •