CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0397
https://notcve.org/view.php?id=CVE-2018-0397
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192. • http://www.securityfocus.com/bid/104946 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-fampmac • CWE-399: Resource Management Errors •
CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5383 – Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo. A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. • http://www.cs.technion.ac.il/~biham/BT http://www.securityfocus.com/bid/104879 http://www.securitytracker.com/id/1041432 https://access.redhat.com/errata/RHSA-2019:2169 https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4095-1 https://usn.ubuntu.com/4095-2 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4351-1 https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig- • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4180 – cups: Local privilege escalation to root due to insecure environment variable handling
https://notcve.org/view.php?id=CVE-2018-4180
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, existía un problema en CUPS. Este problema se abordó mediante la mejora de las restricciones de acceso. It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://usn.ubuntu.com/3713-1 https://www.debian.org/security/2018/dsa-4243 https://access.redhat.com/security/cve/CVE-2018-4180 https://bugzilla.redhat.com/show_bug.cgi?id=1607282 • CWE-642: External Control of Critical State Data •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4183
https://notcve.org/view.php?id=CVE-2018-4183
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox. • https://bugzilla.redhat.com/show_bug.cgi?id=1607284 https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://www.debian.org/security/2018/dsa-4243 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4182
https://notcve.org/view.php?id=CVE-2018-4182
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox en CUPS. • https://access.redhat.com/security/cve/cve-2018-4182 https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://www.debian.org/security/2018/dsa-4243 •