Action not permitted
Modal body text goes here.
cve-2018-4361
Vulnerability from cvelistv5
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/HT209106 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT209107 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT209108 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT209109 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT209140 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT209141 | Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209108"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209109"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209140"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unexpected interaction causes an ASSERT failure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:16",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209108"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209109"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209140"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unexpected interaction causes an ASSERT failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/HT209106"
},
{
"name": "https://support.apple.com/HT209107",
"refsource": "MISC",
"url": "https://support.apple.com/HT209107"
},
{
"name": "https://support.apple.com/HT209108",
"refsource": "MISC",
"url": "https://support.apple.com/HT209108"
},
{
"name": "https://support.apple.com/HT209109",
"refsource": "MISC",
"url": "https://support.apple.com/HT209109"
},
{
"name": "https://support.apple.com/HT209140",
"refsource": "MISC",
"url": "https://support.apple.com/HT209140"
},
{
"name": "https://support.apple.com/HT209141",
"refsource": "MISC",
"url": "https://support.apple.com/HT209141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4361",
"datePublished": "2019-04-03T17:43:16",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-4361\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-04-03T18:29:10.393\",\"lastModified\":\"2019-10-03T00:03:26.223\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.\"},{\"lang\":\"es\",\"value\":\"Un problema de consumo de memoria se abord\u00f3 con una gesti\u00f3n de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 12, tvOS en versiones anteriores a la 12, watchOS en versiones anteriores a la 5, Safari en versiones anteriores a la 12, iTunes para Windows en versiones anteriores a la 12.9 y iCloud para Windows en versiones anteriores a la 7.7.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12\",\"matchCriteriaId\":\"3D250753-EC40-4DEB-B1A7-B2E2E872D705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0\",\"matchCriteriaId\":\"37A59AD6-A000-48BE-A575-D1A39DCB0D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12\",\"matchCriteriaId\":\"072DC7F5-B539-478D-B566-7F3FF2BC2671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0\",\"matchCriteriaId\":\"397E2910-7F1A-4576-B28D-E5796DE20CC8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.7\",\"matchCriteriaId\":\"E92A7FC9-12AE-4E07-BA72-0A4075119426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.9\",\"matchCriteriaId\":\"48FFD64E-C6DE-41EA-A70C-3E25F133901F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT209106\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT209107\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT209108\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT209109\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT209140\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT209141\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
gsd-2018-4361
Vulnerability from gsd
{
"GSD": {
"alias": "CVE-2018-4361",
"description": "A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",
"id": "GSD-2018-4361",
"references": [
"https://www.suse.com/security/cve/CVE-2018-4361.html",
"https://ubuntu.com/security/CVE-2018-4361"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-4361"
],
"details": "A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",
"id": "GSD-2018-4361",
"modified": "2023-12-13T01:22:28.507201Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unexpected interaction causes an ASSERT failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/HT209106"
},
{
"name": "https://support.apple.com/HT209107",
"refsource": "MISC",
"url": "https://support.apple.com/HT209107"
},
{
"name": "https://support.apple.com/HT209108",
"refsource": "MISC",
"url": "https://support.apple.com/HT209108"
},
{
"name": "https://support.apple.com/HT209109",
"refsource": "MISC",
"url": "https://support.apple.com/HT209109"
},
{
"name": "https://support.apple.com/HT209140",
"refsource": "MISC",
"url": "https://support.apple.com/HT209140"
},
{
"name": "https://support.apple.com/HT209141",
"refsource": "MISC",
"url": "https://support.apple.com/HT209141"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4361"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209141",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT209141"
},
{
"name": "https://support.apple.com/HT209140",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT209140"
},
{
"name": "https://support.apple.com/HT209109",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT209109"
},
{
"name": "https://support.apple.com/HT209108",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT209108"
},
{
"name": "https://support.apple.com/HT209107",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT209107"
},
{
"name": "https://support.apple.com/HT209106",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT209106"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2019-04-03T18:29Z"
}
}
}
ghsa-6wr3-pp75-368j
Vulnerability from github
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
{
"affected": [],
"aliases": [
"CVE-2018-4361"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-03T18:29:00Z",
"severity": "HIGH"
},
"details": "A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",
"id": "GHSA-6wr3-pp75-368j",
"modified": "2022-05-13T01:52:40Z",
"published": "2022-05-13T01:52:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4361"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209106"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209107"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209108"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209109"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209140"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
var-201904-1475
Vulnerability from variot
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple The product has a memory consumption vulnerability due to flaws in memory handling.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. An attacker could exploit this vulnerability to cause an assertion failure (memory consumption). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-04
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 02, 2018 Bugs: #667892 ID: 201812-04
Synopsis
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0"
References
[ 1 ] CVE-2018-4191 https://nvd.nist.gov/vuln/detail/CVE-2018-4191 [ 2 ] CVE-2018-4197 https://nvd.nist.gov/vuln/detail/CVE-2018-4197 [ 3 ] CVE-2018-4207 https://nvd.nist.gov/vuln/detail/CVE-2018-4207 [ 4 ] CVE-2018-4208 https://nvd.nist.gov/vuln/detail/CVE-2018-4208 [ 5 ] CVE-2018-4209 https://nvd.nist.gov/vuln/detail/CVE-2018-4209 [ 6 ] CVE-2018-4210 https://nvd.nist.gov/vuln/detail/CVE-2018-4210 [ 7 ] CVE-2018-4212 https://nvd.nist.gov/vuln/detail/CVE-2018-4212 [ 8 ] CVE-2018-4213 https://nvd.nist.gov/vuln/detail/CVE-2018-4213 [ 9 ] CVE-2018-4299 https://nvd.nist.gov/vuln/detail/CVE-2018-4299 [ 10 ] CVE-2018-4306 https://nvd.nist.gov/vuln/detail/CVE-2018-4306 [ 11 ] CVE-2018-4309 https://nvd.nist.gov/vuln/detail/CVE-2018-4309 [ 12 ] CVE-2018-4311 https://nvd.nist.gov/vuln/detail/CVE-2018-4311 [ 13 ] CVE-2018-4312 https://nvd.nist.gov/vuln/detail/CVE-2018-4312 [ 14 ] CVE-2018-4314 https://nvd.nist.gov/vuln/detail/CVE-2018-4314 [ 15 ] CVE-2018-4315 https://nvd.nist.gov/vuln/detail/CVE-2018-4315 [ 16 ] CVE-2018-4316 https://nvd.nist.gov/vuln/detail/CVE-2018-4316 [ 17 ] CVE-2018-4317 https://nvd.nist.gov/vuln/detail/CVE-2018-4317 [ 18 ] CVE-2018-4318 https://nvd.nist.gov/vuln/detail/CVE-2018-4318 [ 19 ] CVE-2018-4319 https://nvd.nist.gov/vuln/detail/CVE-2018-4319 [ 20 ] CVE-2018-4323 https://nvd.nist.gov/vuln/detail/CVE-2018-4323 [ 21 ] CVE-2018-4328 https://nvd.nist.gov/vuln/detail/CVE-2018-4328 [ 22 ] CVE-2018-4358 https://nvd.nist.gov/vuln/detail/CVE-2018-4358 [ 23 ] CVE-2018-4359 https://nvd.nist.gov/vuln/detail/CVE-2018-4359 [ 24 ] CVE-2018-4361 https://nvd.nist.gov/vuln/detail/CVE-2018-4361
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201812-04
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
CoreFoundation Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018
CoreFoundation Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018
CoreText Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018
Grand Central Dispatch Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018
Heimdal Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018
IOHIDFamily Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018
IOKit Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018
IOKit Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018
IOUserEthernet Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018
iTunes Store Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018
Safari Available for: Apple Watch Series 1 and later Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)
Security Available for: Apple Watch Series 1 and later Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018
Security Available for: Apple Watch Series 1 and later Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky
Symptom Framework Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Text Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018
WebKit Available for: Apple Watch Series 1 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4319: John Pettitt of Google
WebKit Available for: Apple Watch Series 1 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
Kernel We would like to acknowledge Brandon Azad for their assistance.
SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c= =fz+z -----END PGP SIGNATURE----- . CVE-2018-4329: Hugo S.
Installation note:
Safari 12 may be obtained from the Mac App Store. ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007
Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361.
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.
CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.
CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.
CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.
CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure. An array indexing issue existed in the handling of a function in JavaScriptCore.
CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.
CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.
CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.
CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit.
CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin. The issue was addressed by removing origin information.
CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. A cross-origin issue existed with iframe elements.
CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.
We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.
Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.
The WebKitGTK+ and WPE WebKit team, September 26, 2018
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1475",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.7"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.9"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.7 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (ipod touch first 6 generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.9 (windows 7 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (macos high sierra 10.13.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (macos mojave 10.14)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (macos sierra 10.12.6)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5 (apple watch series 1 or later )"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7 earlier"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.0.1 earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008148"
},
{
"db": "NVD",
"id": "CVE-2018-4361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "150115"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149511"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
},
{
"db": "PACKETSTORM",
"id": "149513"
},
{
"db": "PACKETSTORM",
"id": "149722"
}
],
"trust": 0.7
},
"cve": "CVE-2018-4361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-4361",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-134392",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-4361",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-4361",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-4361",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1165",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134392",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-4361",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134392"
},
{
"db": "VULMON",
"id": "CVE-2018-4361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1165"
},
{
"db": "NVD",
"id": "CVE-2018-4361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple The product has a memory consumption vulnerability due to flaws in memory handling.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. An attacker could exploit this vulnerability to cause an assertion failure (memory consumption). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201812-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: December 02, 2018\n Bugs: #667892\n ID: 201812-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich may lead to arbitrary code execution. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.22.0 \u003e= 2.22.0 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.22.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-4191\n https://nvd.nist.gov/vuln/detail/CVE-2018-4191\n[ 2 ] CVE-2018-4197\n https://nvd.nist.gov/vuln/detail/CVE-2018-4197\n[ 3 ] CVE-2018-4207\n https://nvd.nist.gov/vuln/detail/CVE-2018-4207\n[ 4 ] CVE-2018-4208\n https://nvd.nist.gov/vuln/detail/CVE-2018-4208\n[ 5 ] CVE-2018-4209\n https://nvd.nist.gov/vuln/detail/CVE-2018-4209\n[ 6 ] CVE-2018-4210\n https://nvd.nist.gov/vuln/detail/CVE-2018-4210\n[ 7 ] CVE-2018-4212\n https://nvd.nist.gov/vuln/detail/CVE-2018-4212\n[ 8 ] CVE-2018-4213\n https://nvd.nist.gov/vuln/detail/CVE-2018-4213\n[ 9 ] CVE-2018-4299\n https://nvd.nist.gov/vuln/detail/CVE-2018-4299\n[ 10 ] CVE-2018-4306\n https://nvd.nist.gov/vuln/detail/CVE-2018-4306\n[ 11 ] CVE-2018-4309\n https://nvd.nist.gov/vuln/detail/CVE-2018-4309\n[ 12 ] CVE-2018-4311\n https://nvd.nist.gov/vuln/detail/CVE-2018-4311\n[ 13 ] CVE-2018-4312\n https://nvd.nist.gov/vuln/detail/CVE-2018-4312\n[ 14 ] CVE-2018-4314\n https://nvd.nist.gov/vuln/detail/CVE-2018-4314\n[ 15 ] CVE-2018-4315\n https://nvd.nist.gov/vuln/detail/CVE-2018-4315\n[ 16 ] CVE-2018-4316\n https://nvd.nist.gov/vuln/detail/CVE-2018-4316\n[ 17 ] CVE-2018-4317\n https://nvd.nist.gov/vuln/detail/CVE-2018-4317\n[ 18 ] CVE-2018-4318\n https://nvd.nist.gov/vuln/detail/CVE-2018-4318\n[ 19 ] CVE-2018-4319\n https://nvd.nist.gov/vuln/detail/CVE-2018-4319\n[ 20 ] CVE-2018-4323\n https://nvd.nist.gov/vuln/detail/CVE-2018-4323\n[ 21 ] CVE-2018-4328\n https://nvd.nist.gov/vuln/detail/CVE-2018-4328\n[ 22 ] CVE-2018-4358\n https://nvd.nist.gov/vuln/detail/CVE-2018-4358\n[ 23 ] CVE-2018-4359\n https://nvd.nist.gov/vuln/detail/CVE-2018-4359\n[ 24 ] CVE-2018-4361\n https://nvd.nist.gov/vuln/detail/CVE-2018-4361\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201812-04\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. \n\nWebKit\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360\nVuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-10-30-10 Additional information for\nAPPLE-SA-2018-9-24-5 watchOS 5\n\nwatchOS 5 addresses the following:\n\nCFNetwork\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nCoreFoundation\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4412: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreFoundation\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4414: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreText\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4347: an anonymous researcher\nEntry added October 30, 2018\n\nGrand Central Dispatch\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4426: Brandon Azad\nEntry added October 30, 2018\n\nHeimdal\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4331: Brandon Azad\nCVE-2018-4332: Brandon Azad\nCVE-2018-4343: Brandon Azad\nEntry added October 30, 2018\n\nIOHIDFamily\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation\nCVE-2018-4408: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4341: Ian Beer of Google Project Zero\nCVE-2018-4354: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4383: Apple\nEntry added October 30, 2018\n\nIOUserEthernet\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4401: Apple\nEntry added October 30, 2018\n\niTunes Store\nAvailable for: Apple Watch Series 1 and later\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in the iTunes Store\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4305: Jerry Decime\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: An access issue existed with privileged API calls. \nCVE-2018-4399: Fabiano Anemone (@anoane)\nEntry added October 30, 2018\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4336: Brandon Azad\nCVE-2018-4337: Ian Beer of Google Project Zero\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\nCVE-2018-4344: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2018-4425: cc working with Trend Micro\u0027s Zero Day Initiative,\nJuwei Lin (@panicaII) of Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to read restricted memory\nDescription: An input validation issue existed in the kernel. \nCVE-2018-4363: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4407: Kevin Backhouse of Semmle Ltd. \nEntry added October 30, 2018\n\nSafari\nAvailable for: Apple Watch Series 1 and later\nImpact: A local user may be able to discover websites a user has\nvisited\nDescription: A consistency issue existed in the handling of\napplication snapshots. \nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert\nUlu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -\nAnkara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l\nUniversity, Metin Altug Karakaya of Kaliptus Medical Organization,\nVinodh Swami of Western Governor\u0027s University (WGU)\n\nSecurity\nAvailable for: Apple Watch Series 1 and later\nImpact: A local user may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2018-4395: Patrick Wardle of Digita Security\nEntry added October 30, 2018\n\nSecurity\nAvailable for: Apple Watch Series 1 and later\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: This issue was addressed by removing RC4. \nCVE-2016-1777: Pepi Zawodsky\n\nSymptom Framework\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nText\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4304: jianan.huang (@Sevck)\nEntry added October 30, 2018\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4319: John Pettitt of Google\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2018-4361: found by OSS-Fuzz\n\nAdditional recognition\n\nCore Data\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad for their assistance. \n\nSQLite\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA\nrJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC\nH60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu\nGpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc\nkfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W\nvGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq\nqSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB\nPxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a\nzJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R\nApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG\nmOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs\nfHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=\n=fz+z\n-----END PGP SIGNATURE-----\n. \nCVE-2018-4329: Hugo S. \n\nInstallation note:\n\nSafari 12 may be obtained from the Mac App Store. -----------------------------------------------------------------------\nWebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007\n------------------------------------------------------------------------\n\nDate reported : September 26, 2018\nAdvisory ID : WSA-2018-0007\nWebKitGTK+ Advisory URL : \nhttps://webkitgtk.org/security/WSA-2018-0007.html\nWPE WebKit Advisory URL : \nhttps://wpewebkit.org/security/WSA-2018-0007.html\nCVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209,\n CVE-2018-4210, CVE-2018-4212, CVE-2018-4213,\n CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4311,\n CVE-2018-4312, CVE-2018-4314, CVE-2018-4315,\n CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\n CVE-2018-4319, CVE-2018-4323, CVE-2018-4328,\n CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. \n\nSeveral vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. \n\nCVE-2018-4207\n Versions affected: WebKitGTK+ before 2.20.0. \n Credit to Google OSS-Fuzz. \n Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4208\n Versions affected: WebKitGTK+ before 2.20.0. \n Credit to Google OSS-Fuzz. \n Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4209\n Versions affected: WebKitGTK+ before 2.20.0. \n Credit to Google OSS-Fuzz. \n Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4210\n Versions affected: WebKitGTK+ before 2.20.0. \n Credit to Google OSS-Fuzz. \n Unexpected interaction with indexing types caused a failure. An\n array indexing issue existed in the handling of a function in\n JavaScriptCore. \n\nCVE-2018-4212\n Versions affected: WebKitGTK+ before 2.20.0. \n Credit to Google OSS-Fuzz. \n Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4213\n Versions affected: WebKitGTK+ before 2.20.0. \n Credit to Google OSS-Fuzz. \n Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4191\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Google OSS-Fuzz. \n Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4197\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4299\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Samuel GroI2 (saelo) working with Trend Micro\u0027s Zero Day\n Initiative. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4306\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4309\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to an anonymous researcher working with Trend Micro\u0027s Zero\n Day Initiative. \n A malicious website may be able to execute scripts in the context of\n another website. A cross-site scripting issue existed in WebKit. \n\nCVE-2018-4311\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Erling Alf Ellingsen (@steike). \n Cross-origin SecurityErrors includes the accessed frameas origin. \n The issue was addressed by removing origin information. \n\nCVE-2018-4312\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4314\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4315\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4316\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan\n Team. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4317\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4318\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4319\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to John Pettitt of Google. \n A malicious website may cause unexepected cross-origin behavior. A\n cross-origin issue existed with iframe elements. \n\nCVE-2018-4323\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4328\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Ivan Fratric of Google Project Zero. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4358\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with\n Trend Micro\u0027s Zero Day Initiative. \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4359\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Samuel GroA (@5aelo). \n Processing maliciously crafted web content may lead to arbitrary\n code execution. \n\nCVE-2018-4361\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Google OSS-Fuzz. \n Unexpected interaction causes an ASSERT failure. \n\n\nWe recommend updating to the latest stable versions of WebKitGTK+ and\nWPE WebKit. It is the best way to ensure that you are running safe\nversions of WebKit. Please check our websites for information about the\nlatest stable releases. \n\nFurther information about WebKitGTK+ and WPE WebKit security advisories\ncan be found at: https://webkitgtk.org/security.html or\nhttps://wpewebkit.org/security/. \n\nThe WebKitGTK+ and WPE WebKit team,\nSeptember 26, 2018\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008148"
},
{
"db": "VULHUB",
"id": "VHN-134392"
},
{
"db": "VULMON",
"id": "CVE-2018-4361"
},
{
"db": "PACKETSTORM",
"id": "150115"
},
{
"db": "PACKETSTORM",
"id": "150560"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149511"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
},
{
"db": "PACKETSTORM",
"id": "149513"
},
{
"db": "PACKETSTORM",
"id": "149605"
},
{
"db": "PACKETSTORM",
"id": "149722"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4361",
"trust": 3.5
},
{
"db": "JVN",
"id": "JVNVU92800088",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU93341447",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014916",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008148",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1165",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-134392",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-4361",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150115",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150560",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149511",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150113",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149515",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149722",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134392"
},
{
"db": "VULMON",
"id": "CVE-2018-4361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008148"
},
{
"db": "PACKETSTORM",
"id": "150115"
},
{
"db": "PACKETSTORM",
"id": "150560"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149511"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
},
{
"db": "PACKETSTORM",
"id": "149513"
},
{
"db": "PACKETSTORM",
"id": "149605"
},
{
"db": "PACKETSTORM",
"id": "149722"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1165"
},
{
"db": "NVD",
"id": "CVE-2018-4361"
}
]
},
"id": "VAR-201904-1475",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134392"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T21:33:34.674000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT209141",
"trust": 1.6,
"url": "https://support.apple.com/en-us/HT209141"
},
{
"title": "HT209140",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209140"
},
{
"title": "HT209106",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209106"
},
{
"title": "HT209107",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209107"
},
{
"title": "HT209108",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209108"
},
{
"title": "HT209109",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209109"
},
{
"title": "HT209106",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209106"
},
{
"title": "HT209107",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209107"
},
{
"title": "HT209108",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209108"
},
{
"title": "HT209109",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209109"
},
{
"title": "HT209140",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209140"
},
{
"title": "HT209141",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209141"
},
{
"title": "About the security content of iOS 12.0.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209162"
},
{
"title": "Multiple Apple product WebKit Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85199"
},
{
"title": "Ubuntu Security Notice: webkit2gtk vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3781-1"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/apple-releases-security-updates-for-ios-and-icloud-fixes-passcode-bypass/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-4361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008148"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134392"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"db": "NVD",
"id": "CVE-2018-4361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4361"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209106"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209107"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209108"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209109"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209140"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht209141"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4191"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4359"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4358"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4299"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4361"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93341447/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92800088/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92800088"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4319"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4311"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4323"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4318"
},
{
"trust": 0.7,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4309"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4315"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4197"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4316"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4317"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4306"
},
{
"trust": 0.7,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4312"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4328"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4314"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4336"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4305"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4313"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4363"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4347"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4212"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4209"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4207"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2018/sep/45"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3781-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4414"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/201812-04"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4321"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4332"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4354"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4329"
},
{
"trust": 0.1,
"url": "https://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://wpewebkit.org/security/."
},
{
"trust": 0.1,
"url": "https://wpewebkit.org/security/wsa-2018-0007.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2018-0007.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134392"
},
{
"db": "VULMON",
"id": "CVE-2018-4361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008148"
},
{
"db": "PACKETSTORM",
"id": "150115"
},
{
"db": "PACKETSTORM",
"id": "150560"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149511"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
},
{
"db": "PACKETSTORM",
"id": "149513"
},
{
"db": "PACKETSTORM",
"id": "149605"
},
{
"db": "PACKETSTORM",
"id": "149722"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1165"
},
{
"db": "NVD",
"id": "CVE-2018-4361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134392"
},
{
"db": "VULMON",
"id": "CVE-2018-4361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008148"
},
{
"db": "PACKETSTORM",
"id": "150115"
},
{
"db": "PACKETSTORM",
"id": "150560"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149511"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
},
{
"db": "PACKETSTORM",
"id": "149513"
},
{
"db": "PACKETSTORM",
"id": "149605"
},
{
"db": "PACKETSTORM",
"id": "149722"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1165"
},
{
"db": "NVD",
"id": "CVE-2018-4361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134392"
},
{
"date": "2019-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4361"
},
{
"date": "2019-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"date": "2018-10-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008148"
},
{
"date": "2018-10-31T16:10:39",
"db": "PACKETSTORM",
"id": "150115"
},
{
"date": "2018-12-03T21:06:30",
"db": "PACKETSTORM",
"id": "150560"
},
{
"date": "2018-09-25T16:32:23",
"db": "PACKETSTORM",
"id": "149516"
},
{
"date": "2018-09-25T16:20:49",
"db": "PACKETSTORM",
"id": "149511"
},
{
"date": "2018-10-31T16:10:19",
"db": "PACKETSTORM",
"id": "150113"
},
{
"date": "2018-09-25T16:31:15",
"db": "PACKETSTORM",
"id": "149515"
},
{
"date": "2018-09-25T16:25:47",
"db": "PACKETSTORM",
"id": "149513"
},
{
"date": "2018-10-01T17:13:20",
"db": "PACKETSTORM",
"id": "149605"
},
{
"date": "2018-10-09T16:58:43",
"db": "PACKETSTORM",
"id": "149722"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1165"
},
{
"date": "2019-04-03T18:29:10.393000",
"db": "NVD",
"id": "CVE-2018-4361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134392"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4361"
},
{
"date": "2019-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014916"
},
{
"date": "2018-10-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008148"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1165"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-4361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1165"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Memory consumption vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014916"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1165"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.