Vulnerability & Exploit Database

SUSE: CVE-2018-18849: SUSE Linux Security Advisory Vulnerability

• Severity: 4
• Published: November 26, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2018-18849:

This CVE is addressed in the SUSE advisories SUSE-SU-2018:3912-1, SUSE-SU-2018:3927-1, SUSE-SU-2018:3973-1, SUSE-SU-2018:3975-1, SUSE...

Apple Safari security update for CVE-2018-4147 Vulnerability

• Severity: 7
• Published: October 19, 2018

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.

OS X update for WebKit (CVE-2018-4147) Vulnerability

• Severity: 7
• Published: October 19, 2018

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.

Apple iTunes security update for CVE-2018-4147 Vulnerability

• Severity: 7
• Published: October 19, 2018

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.

Gentoo Linux: CVE-2018-0488: mbed TLS: Multiple vulnerabilites Vulnerability

• Severity: 8
• Published: February 13, 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

Gentoo Linux: CVE-2018-0487: mbed TLS: Multiple vulnerabilites Vulnerability

• Severity: 8
• Published: February 13, 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

Debian: CVE-2018-0488: mbedtls, polarssl -- security update Vulnerability

• Severity: 8
• Published: February 13, 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

Debian: CVE-2018-0487: mbedtls, polarssl -- security update Vulnerability

• Severity: 8
• Published: February 13, 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

Alpine Linux: CVE-2018-0488: mbedtls Multiple vulnerabilities Vulnerability

• Severity: 8
• Published: February 13, 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

Alpine Linux: CVE-2018-0487: mbedtls Multiple vulnerabilities Vulnerability

• Severity: 8
• Published: February 13, 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.