CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4329
https://notcve.org/view.php?id=CVE-2018-4329
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. Limpiar un elemento del historial podría no limpiar las visitas con cadenas de redirección. Este problema se abordó con una supresión de datos mejorada. • https://support.apple.com/kb/HT209106 https://support.apple.com/kb/HT209109 • CWE-19: Data Processing Errors •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4322
https://notcve.org/view.php?id=CVE-2018-4322
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12. Este problema se abordó con autorizaciones mejoradas. Este problema afectaba a iOS en versiones anteriores a la 12. • https://support.apple.com/kb/HT209106 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4352
https://notcve.org/view.php?id=CVE-2018-4352
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12. Existía un problema de consistencia en la gestión de las instantáneas de aplicación. El problema se abordó con una gestión de borrado de notas mejorada. • https://support.apple.com/kb/HT209106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4356
https://notcve.org/view.php?id=CVE-2018-4356
A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12. Existía un problema de permisos. Este problema se abordó con una validación de permisos mejorada. • https://support.apple.com/kb/HT209106 •
CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5383 – Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo. A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. • http://www.cs.technion.ac.il/~biham/BT http://www.securityfocus.com/bid/104879 http://www.securitytracker.com/id/1041432 https://access.redhat.com/errata/RHSA-2019:2169 https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4095-1 https://usn.ubuntu.com/4095-2 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4351-1 https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig- • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •