CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4335
https://notcve.org/view.php?id=CVE-2018-4335
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12. Un problema de validación se abordó con un saneamiento de entradas mejorado. Este problema afectaba a iOS en versiones anteriores a la 12. • https://support.apple.com/kb/HT209106 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-4363
https://notcve.org/view.php?id=CVE-2018-4363
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. Existía un problema de validación de entradas en el kernel. Este problema se abordó con una validación de entradas mejorada. • https://support.apple.com/kb/HT209106 https://support.apple.com/kb/HT209107 https://support.apple.com/kb/HT209108 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4307
https://notcve.org/view.php?id=CVE-2018-4307
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. Un problema de lógica se abordó con una gestión de estado mejorada. Este problema afectaba a iOS en versiones anteriores a la 12 y Safari en versiones anteriores a la 12. • https://support.apple.com/kb/HT209106 https://support.apple.com/kb/HT209109 • CWE-20: Improper Input Validation •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4325
https://notcve.org/view.php?id=CVE-2018-4325
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12. Se abordó un problema de lógica con restricciones mejoradas. Este problema afectaba a iOS en versiones anteriores a la 12. • https://support.apple.com/kb/HT209106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5383 – Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo. A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. • http://www.cs.technion.ac.il/~biham/BT http://www.securityfocus.com/bid/104879 http://www.securitytracker.com/id/1041432 https://access.redhat.com/errata/RHSA-2019:2169 https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4095-1 https://usn.ubuntu.com/4095-2 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4351-1 https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig- • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •