CVE-2018-4117 – chromium-browser: Cross origin information leak in Blink
https://notcve.org/view.php?id=CVE-2018-4117
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • http://www.securityfocus.com/bid/104887 http://www.securitytracker.com/id/1040604 https://access.redhat.com/errata/RHSA-2018:2282 https://security.gentoo.org/glsa/201808-01 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208693 https://support.apple.com/HT208694 https://support.apple.com/HT208695 https://support.apple.com/HT208696 https://support.apple.com/HT208697 https://usn.ubuntu.com/3635-1 https://www.debian.org/security/2018/dsa-4256 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-4122 – Apple Safari Spread Operator Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4122
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • http://www.securitytracker.com/id/1040604 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208693 https://support.apple.com/HT208694 https://support.apple.com/HT208695 https://support.apple.com/HT208696 https://support.apple.com/HT208697 https://support.apple.com/HT208698 https://usn.ubuntu.com/3635-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4129 – Apple Safari TypedArray Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4129
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • http://www.securitytracker.com/id/1040604 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208693 https://support.apple.com/HT208694 https://support.apple.com/HT208695 https://support.apple.com/HT208696 https://support.apple.com/HT208697 https://support.apple.com/HT208698 https://usn.ubuntu.com/3635-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7161
https://notcve.org/view.php?id=CVE-2017-7161
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. Se ha descubierto un problema en algunos productos Apple. • https://support.apple.com/HT208324 https://usn.ubuntu.com/3551-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2017-7165 – Apple Safari HTMLButtonElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7165
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • https://support.apple.com/HT208324 https://support.apple.com/HT208325 https://support.apple.com/HT208326 https://support.apple.com/HT208327 https://support.apple.com/HT208328 https://support.apple.com/HT208334 https://usn.ubuntu.com/3551-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •