Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-443
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Support pour iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4322"
},
{
"name": "CVE-2018-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4363"
},
{
"name": "CVE-2018-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4325"
},
{
"name": "CVE-2018-4329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4329"
},
{
"name": "CVE-2018-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4352"
},
{
"name": "CVE-2018-4195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4195"
},
{
"name": "CVE-2018-4307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4307"
},
{
"name": "CVE-2018-4313",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4313"
},
{
"name": "CVE-2018-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4397"
},
{
"name": "CVE-2018-4357",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4357"
},
{
"name": "CVE-2018-4305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4305"
},
{
"name": "CVE-2018-4335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4335"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2018-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4330"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4338"
},
{
"name": "CVE-2018-4362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4362"
},
{
"name": "CVE-2018-4356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4356"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-443",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-18T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"revision_date": "2018-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209117 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209117"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209108 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209106 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209106"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209109 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209109"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209107 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209107"
}
]
}
CVE-2018-4338 (GCVE-0-2018-4338)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
Severity ?
No CVSS data available.
CWE
- An application may be able to read restricted memory
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: macOS Mojave 10.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to read restricted memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:15",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: macOS Mojave 10.14"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to read restricted memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209139",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4338",
"datePublished": "2019-04-03T17:43:15",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1777 (GCVE-0-2016-1777)
Vulnerability from cvelistv5 – Published: 2016-03-24 01:00 – Updated: 2024-08-05 23:10
VLAI?
EPSS
Summary
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:39.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035342",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85054"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-16T10:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1035342",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85054"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035342",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-1777",
"datePublished": "2016-03-24T01:00:00",
"dateReserved": "2016-01-13T00:00:00",
"dateUpdated": "2024-08-05T23:10:39.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4356 (GCVE-0-2018-4356)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12.
Severity ?
No CVSS data available.
CWE
- An app may be able to learn information about the current camera view before being granted camera access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to learn information about the current camera view before being granted camera access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:16",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to learn information about the current camera view before being granted camera access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4356",
"datePublished": "2019-04-03T17:43:16",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4325 (GCVE-0-2018-4325)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.
Severity ?
No CVSS data available.
CWE
- A person with physical access to an iOSdevice may be able to determine the last used app from the lock screen
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A person with physical access to an iOSdevice may be able to determine the last used app from the lock screen",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:15",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A person with physical access to an iOSdevice may be able to determine the last used app from the lock screen"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4325",
"datePublished": "2019-04-03T17:43:15",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4313 (GCVE-0-2018-4313)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
Severity ?
No CVSS data available.
CWE
- A local user may be able to discover a user’s deleted messages
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | iOS, tvOS, watchOS |
Affected:
Versions prior to: iOS 12, tvOS 12, watchOS 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS, tvOS, watchOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to discover a user\u2019s deleted messages",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:14",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, tvOS, watchOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to discover a user\u2019s deleted messages"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209107",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209107"
},
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
},
{
"name": "https://support.apple.com/kb/HT209108",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4313",
"datePublished": "2019-04-03T17:43:14",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4195 (GCVE-0-2018-4195)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:04
VLAI?
EPSS
Summary
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12.
Severity ?
No CVSS data available.
CWE
- Visiting a malicious website by clicking a link may lead to user interface spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:04:29.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: Safari 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a malicious website by clicking a link may lead to user interface spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:12",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_value": "Versions prior to: Safari 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Visiting a malicious website by clicking a link may lead to user interface spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209109",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4195",
"datePublished": "2019-04-03T17:43:12",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:04:29.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4305 (GCVE-0-2018-4305)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
Severity ?
No CVSS data available.
CWE
- An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | iOS, tvOS, watchOS |
Affected:
Versions prior to: iOS 12, tvOS 12, watchOS 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS, tvOS, watchOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:14",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, tvOS, watchOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209107",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209107"
},
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
},
{
"name": "https://support.apple.com/kb/HT209108",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4305",
"datePublished": "2019-04-03T17:43:14",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4352 (GCVE-0-2018-4352)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12.
Severity ?
No CVSS data available.
CWE
- A local user may be able to discover a user’s deleted notes
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to discover a user\u2019s deleted notes",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:16",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to discover a user\u2019s deleted notes"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4352",
"datePublished": "2019-04-03T17:43:16",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4363 (GCVE-0-2018-4363)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
Severity ?
No CVSS data available.
CWE
- An application may be able to read restricted memory
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | iOS, tvOS, watchOS |
Affected:
Versions prior to: iOS 12, tvOS 12, watchOS 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS, tvOS, watchOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to read restricted memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:16",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, tvOS, watchOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to read restricted memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209107",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209107"
},
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
},
{
"name": "https://support.apple.com/kb/HT209108",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4363",
"datePublished": "2019-04-03T17:43:16",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5383 (GCVE-0-2018-5383)
Vulnerability from cvelistv5 – Published: 2018-08-07 21:00 – Updated: 2024-09-16 20:36
VLAI?
EPSS
Summary
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
Credits
Lior Neumann and Eli Biham of the Techion Israel Institute of Technology
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4351-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.13.6",
"status": "affected",
"version": "10.13 High Sierra",
"versionType": "custom"
}
]
},
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.4",
"status": "affected",
"version": "11",
"versionType": "custom"
}
]
},
{
"product": "Android",
"vendor": "Android Open Source Project",
"versions": [
{
"lessThan": "2018-06-05 patch level",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"
}
],
"datePublic": "2018-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T01:06:04",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4351-1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2018-07-03T04:00:00.000Z",
"ID": "CVE-2018-5383",
"STATE": "PUBLIC",
"TITLE": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "10.13 High Sierra",
"version_value": "10.13.6"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "11",
"version_value": "11.4"
}
]
}
}
]
},
"vendor_name": "Apple"
},
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2018-06-05 patch level"
}
]
}
}
]
},
"vendor_name": "Android Open Source Project"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.technion.ac.il/~biham/BT/",
"refsource": "MISC",
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4351-1/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5383",
"datePublished": "2018-08-07T21:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T20:36:44.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4307 (GCVE-0-2018-4307)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.
Severity ?
No CVSS data available.
CWE
- A malicious website may be able to exfiltrate autofilled data in Safari
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | iOS, Safari |
Affected:
Versions prior to: iOS 12, Safari 12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS, Safari",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12, Safari 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious website may be able to exfiltrate autofilled data in Safari",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:14",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, Safari",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, Safari 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious website may be able to exfiltrate autofilled data in Safari"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
},
{
"name": "https://support.apple.com/kb/HT209109",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4307",
"datePublished": "2019-04-03T17:43:14",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4330 (GCVE-0-2018-4330)
Vulnerability from cvelistv5 – Published: 2019-01-11 18:00 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041665",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208848"
},
{
"name": "105384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-12T10:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1041665",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208848"
},
{
"name": "105384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041665",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041665"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name": "105384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4330",
"datePublished": "2019-01-11T18:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4397 (GCVE-0-2018-4397)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS.
Severity ?
No CVSS data available.
CWE
- An attacker in a privileged network position may be able to intercept analytics data sent to Apple
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apple Support app |
Affected:
Versions prior to: Apple Support for iOS 2.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apple Support app",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: Apple Support for iOS 2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker in a privileged network position may be able to intercept analytics data sent to Apple",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:19",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apple Support app",
"version": {
"version_data": [
{
"version_value": "Versions prior to: Apple Support for iOS 2.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker in a privileged network position may be able to intercept analytics data sent to Apple"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209117",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4397",
"datePublished": "2019-04-03T17:43:19",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4322 (GCVE-0-2018-4322)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.
Severity ?
No CVSS data available.
CWE
- A local app may be able to read a persistent account identifier
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local app may be able to read a persistent account identifier",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:14",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local app may be able to read a persistent account identifier"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4322",
"datePublished": "2019-04-03T17:43:14",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4357 (GCVE-0-2018-4357)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.
Severity ?
No CVSS data available.
CWE
- An application may be able to execute arbitrary code with kernel privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: Xcode 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to execute arbitrary code with kernel privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:16",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xcode",
"version": {
"version_data": [
{
"version_value": "Versions prior to: Xcode 10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209135",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4357",
"datePublished": "2019-04-03T17:43:16",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4335 (GCVE-0-2018-4335)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.
Severity ?
No CVSS data available.
CWE
- An application may be able to read restricted memory
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to read restricted memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:15",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to read restricted memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4335",
"datePublished": "2019-04-03T17:43:15",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4362 (GCVE-0-2018-4362)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.
Severity ?
No CVSS data available.
CWE
- Visiting a malicious website may lead to address bar spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Safari, iOS |
Affected:
Versions prior to: Safari 11.1.2, iOS 12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT208934"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari, iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: Safari 11.1.2, iOS 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a malicious website may lead to address bar spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:16",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT208934"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safari, iOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: Safari 11.1.2, iOS 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Visiting a malicious website may lead to address bar spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
},
{
"name": "https://support.apple.com/kb/HT208934",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT208934"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4362",
"datePublished": "2019-04-03T17:43:16",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4329 (GCVE-0-2018-4329)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11
VLAI?
EPSS
Summary
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.
Severity ?
No CVSS data available.
CWE
- A user may be unable to delete browsing history items
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | iOS, Safari |
Affected:
Versions prior to: iOS 12, Safari 12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS, Safari",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12, Safari 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user may be unable to delete browsing history items",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:15",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, Safari",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, Safari 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A user may be unable to delete browsing history items"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
},
{
"name": "https://support.apple.com/kb/HT209109",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4329",
"datePublished": "2019-04-03T17:43:15",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…