CVE-2018-5383 – Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo. A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. • http://www.cs.technion.ac.il/~biham/BT http://www.securityfocus.com/bid/104879 http://www.securitytracker.com/id/1041432 https://access.redhat.com/errata/RHSA-2019:2169 https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4095-1 https://usn.ubuntu.com/4095-2 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4351-1 https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig- • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVE-2018-4182
https://notcve.org/view.php?id=CVE-2018-4182
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox en CUPS. • https://access.redhat.com/security/cve/cve-2018-4182 https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://www.debian.org/security/2018/dsa-4243 •
CVE-2018-4183
https://notcve.org/view.php?id=CVE-2018-4183
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox. • https://bugzilla.redhat.com/show_bug.cgi?id=1607284 https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://www.debian.org/security/2018/dsa-4243 •
CVE-2018-4180 – cups: Local privilege escalation to root due to insecure environment variable handling
https://notcve.org/view.php?id=CVE-2018-4180
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, existía un problema en CUPS. Este problema se abordó mediante la mejora de las restricciones de acceso. It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://usn.ubuntu.com/3713-1 https://www.debian.org/security/2018/dsa-4243 https://access.redhat.com/security/cve/CVE-2018-4180 https://bugzilla.redhat.com/show_bug.cgi?id=1607282 • CWE-642: External Control of Critical State Data •
CVE-2018-4181 – cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root
https://notcve.org/view.php?id=CVE-2018-4181
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, existía un problema en CUPS. Este problema se abordó mediante la mejora de las restricciones de acceso. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://support.apple.com/HT208849 https://usn.ubuntu.com/3713-1 https://www.debian.org/security/2018/dsa-4243 https://access.redhat.com/security/cve/CVE-2018-4181 https://bugzilla.redhat.com/show_bug.cgi?id=1607291 • CWE-266: Incorrect Privilege Assignment •