CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4322
https://notcve.org/view.php?id=CVE-2018-4322
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12. Este problema se abordó con autorizaciones mejoradas. Este problema afectaba a iOS en versiones anteriores a la 12. • https://support.apple.com/kb/HT209106 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4352
https://notcve.org/view.php?id=CVE-2018-4352
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12. Existía un problema de consistencia en la gestión de las instantáneas de aplicación. El problema se abordó con una gestión de borrado de notas mejorada. • https://support.apple.com/kb/HT209106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4356
https://notcve.org/view.php?id=CVE-2018-4356
A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12. Existía un problema de permisos. Este problema se abordó con una validación de permisos mejorada. • https://support.apple.com/kb/HT209106 •
CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5383 – Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo. A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. • http://www.cs.technion.ac.il/~biham/BT http://www.securityfocus.com/bid/104879 http://www.securitytracker.com/id/1041432 https://access.redhat.com/errata/RHSA-2019:2169 https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4095-1 https://usn.ubuntu.com/4095-2 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4351-1 https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig- • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2018-4269
https://notcve.org/view.php?id=CVE-2018-4269
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Un problema de corrupción de memoria se abordó con una validación de entradas mejorada. El problema afectaba a iOS en versiones anteriores a la 11.4.1, macOS High Sierra en versiones anteriores a la 10.13.6, tvOS en versiones anteriores a la 11.4.1, watchOS en versiones anteriores a la 4.3.2, iTunes para Windows en versiones anteriores a la 12.8 y iCloud para Windows en versiones anteriores a la 7.6. • https://support.apple.com/kb/HT208932 https://support.apple.com/kb/HT208935 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208937 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •