CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4265 – Apple Safari FrameView Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4265
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 11.4.1, tvOS en versiones anteriores a la 11.4.1, Safari en versiones anteriores a la 11.1.2, iTunes para Windows en versiones anteriores a la 12.8 y iCloud para Windows en versiones anteriores a la 7.6. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. • https://support.apple.com/kb/HT208932 https://support.apple.com/kb/HT208933 https://support.apple.com/kb/HT208934 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208938 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 45%CPEs: 11EXPL: 2CVE-2018-4218 – WebKit - Use-After-Free when Resuming Generator
https://notcve.org/view.php?id=CVE-2018-4218
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. Se ha descubierto un problema en algunos productos Apple. • https://www.exploit-db.com/exploits/44861 http://www.securitytracker.com/id/1041029 https://bugs.chromium.org/p/project-zero/issues/detail?id=1553 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208851 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 https://usn.ubuntu.com/3687-1 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-4188
https://notcve.org/view.php?id=CVE-2018-4188
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • http://www.securitytracker.com/id/1041029 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-4214
https://notcve.org/view.php?id=CVE-2018-4214
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • http://www.securitytracker.com/id/1041029 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208851 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 8EXPL: 1CVE-2018-4192 – JavaScript Core - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2018-4192
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. Se ha descubierto un problema en algunos productos Apple. • https://www.exploit-db.com/exploits/45048 http://www.securitytracker.com/id/1041029 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208851 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •