Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-4279 (GCVE-0-2018-4279)
Vulnerability from cvelistv5
Published
2019-04-03 17:43
Modified
2024-08-05 05:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Visiting a malicious website may lead to address bar spoofing
Summary
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT208934"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: Safari 11.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a malicious website may lead to address bar spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:13",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT208934"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_value": "Versions prior to: Safari 11.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Visiting a malicious website may lead to address bar spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT208934",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT208934"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4279",
"datePublished": "2019-04-03T17:43:13",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-4279\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-04-03T18:29:05.033\",\"lastModified\":\"2024-11-21T04:07:06.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de inconsistencia en la interfaz de usuario con una gesti\u00f3n de estado mejorada. Este problema afectaba a Safari en versiones anteriores a la 11.1.2.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1.2\",\"matchCriteriaId\":\"16B9B534-35A4-49C4-B19C-C18BA185E0C4\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/kb/HT208934\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT208934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
var-201904-1348
Vulnerability from variot
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2. Safari Contains a spoofing vulnerability due to incomplete handling of state management.Information may be obtained. An attacker may exploit this vulnerability to spoof the originating URL of a trusted web site. This issue may allow a remote attacker to carry out phishing-style attacks. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with MacOSX and iOS operating systems. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-7-9-5 Safari 11.1.2
Safari 11.1.2 is now available and addresses the following:
Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4279: Ruilin Yang, Xu Taoyu (xia0yu.win)
WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4270: found by OSS-Fuzz
WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: A malicious website may exfiltrate audio data cross-origin Description: Sound fetched through audio elements may be exfiltrated cross-origin. CVE-2018-4278: Jun Kokatsu (@shhnjk)
WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4284: Found by OSS-Fuzz
WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: A malicious website may be able to cause a denial of service Description: A race condition was addressed with additional validation. CVE-2018-4266: found by OSS-Fuzz
WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative CVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative CVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative CVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab CVE-2018-4265: cc working with Trend Micro's Zero Day Initiative CVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative CVE-2018-4272: found by OSS-Fuzz
WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-4271: found by OSS-Fuzz CVE-2018-4273: found by OSS-Fuzz
WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4274: an anonymous researcher
WebKit Page Loading Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com)
Installation note:
Safari 11.1.2 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFMpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCZJ7xAA o2HCi+IV2AXcKkZ7RQiNr25U77qMoPg6t4lOd9YlRo8dD7m+aVYtL0TJxLyum3KO NjXhl/toW6Y1Y++iKfDLKtVtdX9eXTh2n4qDylPkknHCGiuYGk7VX1xh10EDvWLN uIHEBj/WF9+d7uAv2XrKzfyQ8rTzL960UUywBchO2HfVPk74x27+AVXzcb2Yu98m DkwtODwQtTtINqdMerdCuIGWM3BN1iwzxxX16c+hPuuDP7HTE77TNZrzz09FC4M9 ikMG8JvZmkBWEZaGnb/IRrRJWhZ+k1s33YNFc8wKt8wMsgGvV+l5Bndb7D2d3qQC BHyvokfiWLdVeUAdLpli7RcRgRZDYkaC/Y76VIaZH5frp/bAUm2mb3C6uAaQVR8+ 4f6r9go/gnkQzoNPZuqvzGsi6Nr+gl2B91SqgUdTF5fRw9zXFk7mgkcOYmzsj2uq ZdsRx+i0kkmzZYyffSNU8Y8PCHwnPj9a9D3UThJgAz7HKThI5fH5tbyxKV2wjlPb KBAWkgqMGkwWmsMNLpNJbABbK7TZhOGASb9776n2ZFOWS2u9KNbqNpALZFvaCA/0 uu9Y4aUPPPpz+/c87IviLC2HTUOOKmvhuIGWJF5sKVc8y83b7Loi/P5K90EwiF3i /7DbcAOdfMAEdgDygzzQSzRV97EQWYpLDr97VLCPGI4= =bv9B -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.2 (macos high sierra 10.13.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.2 (macos sierra 10.12.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.2 (os x el capitan 10.11.6)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.34"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.33"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.52"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
}
],
"sources": [
{
"db": "BID",
"id": "104749"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"db": "NVD",
"id": "CVE-2018-4279"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruilin Yang, Xu Taoyu (xia0yu.win)",
"sources": [
{
"db": "BID",
"id": "104749"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2000"
}
],
"trust": 0.9
},
"cve": "CVE-2018-4279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-4279",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-134310",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-4279",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-4279",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-4279",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-2000",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134310",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134310"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2000"
},
{
"db": "NVD",
"id": "CVE-2018-4279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2. Safari Contains a spoofing vulnerability due to incomplete handling of state management.Information may be obtained. \nAn attacker may exploit this vulnerability to spoof the originating URL of a trusted web site. This issue may allow a remote attacker to carry out phishing-style attacks. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with MacOSX and iOS operating systems. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-7-9-5 Safari 11.1.2\n\nSafari 11.1.2 is now available and addresses the following:\n\nSafari\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4279: Ruilin Yang, Xu Taoyu (xia0yu.win)\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4270: found by OSS-Fuzz\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: A malicious website may exfiltrate audio data cross-origin\nDescription: Sound fetched through audio elements may be exfiltrated\ncross-origin. \nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2018-4284: Found by OSS-Fuzz\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: A malicious website may be able to cause a denial of service\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4266: found by OSS-Fuzz\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4261: Omair working with Trend Micro\u0027s Zero Day Initiative\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2018-4263: Arayz working with Trend Micro\u0027s Zero Day Initiative\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of\nAnt-financial Light-Year Security Lab\nCVE-2018-4265: cc working with Trend Micro\u0027s Zero Day Initiative\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro\u0027s Zero\nDay Initiative\nCVE-2018-4272: found by OSS-Fuzz\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2018-4271: found by OSS-Fuzz\nCVE-2018-4273: found by OSS-Fuzz\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A spoofing issue existed in the handling of URLs. \nCVE-2018-4274: an anonymous researcher\n\nWebKit Page Loading\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and\nmacOS High Sierra 10.13.6\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4260: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nInstallation note:\n\nSafari 11.1.2 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFMpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCZJ7xAA\no2HCi+IV2AXcKkZ7RQiNr25U77qMoPg6t4lOd9YlRo8dD7m+aVYtL0TJxLyum3KO\nNjXhl/toW6Y1Y++iKfDLKtVtdX9eXTh2n4qDylPkknHCGiuYGk7VX1xh10EDvWLN\nuIHEBj/WF9+d7uAv2XrKzfyQ8rTzL960UUywBchO2HfVPk74x27+AVXzcb2Yu98m\nDkwtODwQtTtINqdMerdCuIGWM3BN1iwzxxX16c+hPuuDP7HTE77TNZrzz09FC4M9\nikMG8JvZmkBWEZaGnb/IRrRJWhZ+k1s33YNFc8wKt8wMsgGvV+l5Bndb7D2d3qQC\nBHyvokfiWLdVeUAdLpli7RcRgRZDYkaC/Y76VIaZH5frp/bAUm2mb3C6uAaQVR8+\n4f6r9go/gnkQzoNPZuqvzGsi6Nr+gl2B91SqgUdTF5fRw9zXFk7mgkcOYmzsj2uq\nZdsRx+i0kkmzZYyffSNU8Y8PCHwnPj9a9D3UThJgAz7HKThI5fH5tbyxKV2wjlPb\nKBAWkgqMGkwWmsMNLpNJbABbK7TZhOGASb9776n2ZFOWS2u9KNbqNpALZFvaCA/0\nuu9Y4aUPPPpz+/c87IviLC2HTUOOKmvhuIGWJF5sKVc8y83b7Loi/P5K90EwiF3i\n/7DbcAOdfMAEdgDygzzQSzRV97EQWYpLDr97VLCPGI4=\n=bv9B\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4279"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"db": "BID",
"id": "104749"
},
{
"db": "VULHUB",
"id": "VHN-134310"
},
{
"db": "PACKETSTORM",
"id": "148469"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4279",
"trust": 2.9
},
{
"db": "JVN",
"id": "JVNVU93082496",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014834",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2000",
"trust": 0.7
},
{
"db": "BID",
"id": "104749",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-134310",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148469",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134310"
},
{
"db": "BID",
"id": "104749"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"db": "PACKETSTORM",
"id": "148469"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2000"
},
{
"db": "NVD",
"id": "CVE-2018-4279"
}
]
},
"id": "VAR-201904-1348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134310"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:08:33.512000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT208934",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208934"
},
{
"title": "HT208934",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208934"
},
{
"title": "Apple Safari Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82728"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134310"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"db": "NVD",
"id": "CVE-2018-4279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht208934"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4279"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4279"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93082496/index.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4265"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4260"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4271"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4272"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4274"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4262"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4273"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4263"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4270"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134310"
},
{
"db": "BID",
"id": "104749"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"db": "PACKETSTORM",
"id": "148469"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2000"
},
{
"db": "NVD",
"id": "CVE-2018-4279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134310"
},
{
"db": "BID",
"id": "104749"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"db": "PACKETSTORM",
"id": "148469"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2000"
},
{
"db": "NVD",
"id": "CVE-2018-4279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134310"
},
{
"date": "2018-07-09T00:00:00",
"db": "BID",
"id": "104749"
},
{
"date": "2019-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"date": "2018-07-09T21:11:11",
"db": "PACKETSTORM",
"id": "148469"
},
{
"date": "2018-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-2000"
},
{
"date": "2019-04-03T18:29:05.033000",
"db": "NVD",
"id": "CVE-2018-4279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-134310"
},
{
"date": "2018-07-09T00:00:00",
"db": "BID",
"id": "104749"
},
{
"date": "2019-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014834"
},
{
"date": "2019-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-2000"
},
{
"date": "2024-11-21T04:07:06.857000",
"db": "NVD",
"id": "CVE-2018-4279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-2000"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Safari Spoofing vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-2000"
}
],
"trust": 0.6
}
}
gsd-2018-4279
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-4279",
"description": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.",
"id": "GSD-2018-4279"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-4279"
],
"details": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.",
"id": "GSD-2018-4279",
"modified": "2023-12-13T01:22:28.443137Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_value": "Versions prior to: Safari 11.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Visiting a malicious website may lead to address bar spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT208934",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT208934"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4279"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT208934",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT208934"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2019-04-04T14:10Z",
"publishedDate": "2019-04-03T18:29Z"
}
}
}
fkie_cve-2018-4279
Vulnerability from fkie_nvd
Published
2019-04-03 18:29
Modified
2024-11-21 04:07
Severity ?
Summary
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/kb/HT208934 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT208934 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16B9B534-35A4-49C4-B19C-C18BA185E0C4",
"versionEndExcluding": "11.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de inconsistencia en la interfaz de usuario con una gesti\u00f3n de estado mejorada. Este problema afectaba a Safari en versiones anteriores a la 11.1.2."
}
],
"id": "CVE-2018-4279",
"lastModified": "2024-11-21T04:07:06.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-03T18:29:05.033",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT208934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT208934"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2018-14959
Vulnerability from cnvd
Title
Apple Safari地址栏欺骗漏洞(CNVD-2018-14959)
Description
Apple Safari是美国苹果(Apple)公司开发的一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器。Safari是其中的一个用于Safari浏览器的专用组件。
Apple Safari 11.1.2之前版本中的Safari组件存在安全漏洞。远程攻击者可借助恶意的网站利用该漏洞伪造地址栏内容。
Severity
中
VLAI Severity ?
Patch Name
Apple Safari地址栏欺骗漏洞(CNVD-2018-14959)的补丁
Patch Description
Apple Safari是美国苹果(Apple)公司开发的一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器。Safari是其中的一个用于Safari浏览器的专用组件。
Apple Safari 11.1.2之前版本中的Safari组件存在安全漏洞。远程攻击者可借助恶意的网站利用该漏洞伪造地址栏内容。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://lists.apple.com/archives/security-announce/2018/Jul/msg00004.html
Reference
http://www.securityfocus.com/bid/104749
Impacted products
| Name | Apple Safari <11.1.2 |
|---|
{
"bids": {
"bid": {
"bidNumber": "104749"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-4279"
}
},
"description": "Apple Safari\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Safari\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8eSafari\u6d4f\u89c8\u5668\u7684\u4e13\u7528\u7ec4\u4ef6\u3002\r\n\r\nApple Safari 11.1.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684Safari\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u5730\u5740\u680f\u5185\u5bb9\u3002",
"discovererName": "Ruilin Yang, Xu Taoyu (xia0yu.win)",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apple.com/archives/security-announce/2018/Jul/msg00004.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-14959",
"openTime": "2018-08-10",
"patchDescription": "Apple Safari\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Safari\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8eSafari\u6d4f\u89c8\u5668\u7684\u4e13\u7528\u7ec4\u4ef6\u3002\r\n\r\nApple Safari 11.1.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684Safari\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u5730\u5740\u680f\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple Safari\u5730\u5740\u680f\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2018-14959\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apple Safari \u003c11.1.2"
},
"referenceLink": "http://www.securityfocus.com/bid/104749",
"serverity": "\u4e2d",
"submitTime": "2018-08-01",
"title": "Apple Safari\u5730\u5740\u680f\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2018-14959\uff09"
}
CERTFR-2018-AVI-329
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | OS X El Capitan 10.11.6 sans le correctif de sécurité 2018-004 | ||
| Apple | N/A | iCloud for Windows versions antérieures à 7.6 | ||
| Apple | Safari | Safari versions antérieures à 11.1.2 | ||
| Apple | N/A | watchOS versions antérieures à 4.3.2 | ||
| Apple | macOS | macOS High Sierra versions antérieures à 10.13.6 | ||
| Apple | macOS | macOS Sierra versions 10.12.6 sans le correctif de sécurité 2018-004 | ||
| Apple | N/A | iOS versions antérieures à 11.4.1 | ||
| Apple | N/A | iTunes versions antérieures à 12.8 | ||
| Apple | N/A | tvOS versions antérieures à 11.4.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X El Capitan 10.11.6 sans le correctif de s\u00e9curit\u00e9 2018-004",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud for Windows versions ant\u00e9rieures \u00e0 7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 11.1.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 4.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions 10.12.6 sans le correctif de s\u00e9curit\u00e9 2018-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 11.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 11.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4274",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4274"
},
{
"name": "CVE-2018-4266",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4266"
},
{
"name": "CVE-2018-4270",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4270"
},
{
"name": "CVE-2018-4260",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4260"
},
{
"name": "CVE-2018-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4293"
},
{
"name": "CVE-2018-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4248"
},
{
"name": "CVE-2018-4280",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4280"
},
{
"name": "CVE-2018-4275",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4275"
},
{
"name": "CVE-2018-4284",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4284"
},
{
"name": "CVE-2018-4279",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4279"
},
{
"name": "CVE-2018-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4263"
},
{
"name": "CVE-2018-4271",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4271"
},
{
"name": "CVE-2018-4290",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4290"
},
{
"name": "CVE-2018-4282",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4282"
},
{
"name": "CVE-2018-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4269"
},
{
"name": "CVE-2018-4277",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4277"
},
{
"name": "CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"name": "CVE-2018-4268",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4268"
},
{
"name": "CVE-2018-4178",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4178"
},
{
"name": "CVE-2018-4267",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4267"
},
{
"name": "CVE-2018-4289",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4289"
},
{
"name": "CVE-2018-4264",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4264"
},
{
"name": "CVE-2018-4265",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4265"
},
{
"name": "CVE-2018-4278",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4278"
},
{
"name": "CVE-2018-4285",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4285"
},
{
"name": "CVE-2018-4262",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4262"
},
{
"name": "CVE-2018-4272",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4272"
},
{
"name": "CVE-2018-4273",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4273"
},
{
"name": "CVE-2018-4283",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4283"
},
{
"name": "CVE-2018-4261",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4261"
}
],
"initial_release_date": "2018-07-10T00:00:00",
"last_revision_date": "2018-07-10T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-329",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208936 du 09 juillet 2018",
"url": "https://support.apple.com/en-gb/HT208936"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208935 du 09 juillet 2018",
"url": "https://support.apple.com/en-gb/HT208935"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208934 du 09 juillet 2018",
"url": "https://support.apple.com/en-gb/HT208934"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208938 du 09 juillet 2018",
"url": "https://support.apple.com/en-gb/HT208938"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208932 du 09 juillet 2018",
"url": "https://support.apple.com/en-gb/HT208932"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208937 du 09 juillet 2018",
"url": "https://support.apple.com/en-gb/HT208937"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208933 du 09 juillet 2018",
"url": "https://support.apple.com/en-gb/HT208933"
}
]
}
ghsa-r33h-w5ww-fqm8
Vulnerability from github
Published
2022-05-14 01:13
Modified
2022-05-14 01:13
Severity ?
VLAI Severity ?
Details
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.
{
"affected": [],
"aliases": [
"CVE-2018-4279"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-03T18:29:00Z",
"severity": "MODERATE"
},
"details": "An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.",
"id": "GHSA-r33h-w5ww-fqm8",
"modified": "2022-05-14T01:13:33Z",
"published": "2022-05-14T01:13:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4279"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT208934"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…