CVSS: 8.8EPSS: 86%CPEs: 7EXPL: 2CVE-2018-4416 – WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
https://notcve.org/view.php?id=CVE-2018-4416
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 12.1; tvOS en versiones anteriores a la 12.1; watchOS en versiones anteriores a la 5.1; Safari en versiones anteriores a la 12.0.1; iTunes en versiones anteriores a la 12.9.1 y iCloud para Windows en versiones anteriores a la 7.8. When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. • https://www.exploit-db.com/exploits/45910 https://github.com/erupmi/CVE-2018-4416-exploit https://support.apple.com/kb/HT209192 https://support.apple.com/kb/HT209194 https://support.apple.com/kb/HT209195 https://support.apple.com/kb/HT209196 https://support.apple.com/kb/HT209197 https://support.apple.com/kb/HT209198 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4375 – Apple Safari FrameLoader Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4375
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 12.1, watchOS en versiones anteriores a la 5.1, Safari en versiones anteriores a la 12.0.1, iTunes en versiones anteriores a la 12.9.1 y iCloud para Windows en versiones anteriores a la 7.8. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. • https://support.apple.com/kb/HT209192 https://support.apple.com/kb/HT209195 https://support.apple.com/kb/HT209196 https://support.apple.com/kb/HT209197 https://support.apple.com/kb/HT209198 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4376 – Apple Safari RenderCounter Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4376
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 12.1, watchOS en versiones anteriores a la 5.1, Safari en versiones anteriores a la 12.0.1, iTunes en versiones anteriores a la 12.9.1 y iCloud para Windows en versiones anteriores a la 7.8. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. • https://support.apple.com/kb/HT209192 https://support.apple.com/kb/HT209195 https://support.apple.com/kb/HT209196 https://support.apple.com/kb/HT209197 https://support.apple.com/kb/HT209198 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4373 – Apple Safari WebCrypto Race Condition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4373
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 12.1, watchOS en versiones anteriores a la 5.1, Safari en versiones anteriores a la 12.0.1, iTunes en versiones anteriores a la 12.9.1 y iCloud para Windows en versiones anteriores a la 7.8. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. • https://support.apple.com/kb/HT209192 https://support.apple.com/kb/HT209195 https://support.apple.com/kb/HT209196 https://support.apple.com/kb/HT209197 https://support.apple.com/kb/HT209198 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4360
https://notcve.org/view.php?id=CVE-2018-4360
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 12, tvOS en versiones anteriores a la 12, Safari en versiones anteriores a la 12, iTunes para Windows en versiones anteriores a la 12.9 y iCloud para Windows en versiones anteriores a la 7.7. • https://devcraft.io/2019/02/19/cve-2018-4360-webkit-information-leakage-with-dommatrixinvertself.html https://github.com/WebKit/webkit/commit/a0b0e01648892b0bb60a01aca619eec85eb27f7a https://support.apple.com/kb/HT209106 https://support.apple.com/kb/HT209107 https://support.apple.com/kb/HT209109 https://support.apple.com/kb/HT209140 https://support.apple.com/kb/HT209141 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •