Details of VAR-201904-1369

ID

VAR-201904-1369

CVE

CVE-2018-4409

TITLE

plural Apple Product validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014978

DESCRIPTION

A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. plural Apple The product has a flaw in resource validation due to flaws in processing related to input validation.Service operation interruption (DoS) There is a possibility of being put into a state. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team Installation note: Safari 12.0.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative CVE-2018-4382: lokihardt of Google Project Zero CVE-2018-4386: lokihardt of Google Project Zero CVE-2018-4392: zhunki of 360 ESG Codesafe Team CVE-2018-4416: lokihardt of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt Additional recognition Certificate Signing We would like to acknowledge YiAit Can YILMAZ (@yilmazcanyigit) for their assistance. CommonCrypto We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HpTw/7 Bkh9bUEddgGUejpnjO1DRiBlHUDQMssF7nG2LM5JOcCDoLkeHSdcr86KnR7VEyYp qSllLijO9ZzrLtJuZSEelDCi+eL1Ojk3kP/6ZeMRIxDkYItR7EFWQUK71wcInk5k qPZp2FnKU3qx0Ax7wzQi3GTQk8CZCVWcuCzh0UA0Nc3rgk0bf29+7AKmgiTaT2Ra Yo4bRIXRuyi+jE39hN4x41vwjSbaxr5EZb9rvL5HT6Idipcoc9aS+sDbsscXjz/5 9WHlwAB5mxeqO3vY5WNlLhOUXXqMVRfPC/qxQocl86r2AE9jJedQFl/p9qpG59we FrAejzKTU+1GpI4dGY6puAJval5DlcedWBxsyBxFAT04HdY0pfgF4zpFDTHRj6no HnEvtF+pNgqX2OTTLCXtMG4r5c7b1yrOPYkM6FS+BjLV2H0X9n3PpvX0qvAqSTn3 RGbkJqHFV4G/DwsWUQQOOXNCthEwhzbT2n7mc+rCtN1WPUu99fGGZusMAqetmVvl hgUIVPp9+ZHs64BlTzD+xu8e6jyoJ8YoPD9a/r+ENXxHJz6Mr8Jd/E2ZesN5tWpi sO3ajUx/d158T4jfAvIE8tJGungUgehPVIIR5120nYxHc6gMUAYzirwFptfvSpb8 HWzMnE69KcP9Lnhtgp7fRv+HKpJmrsjOLKyldZzjZlA= =cetI -----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2018-4409 // JVNDB: JVNDB-2018-014978 // JVNDB: JVNDB-2018-008908 // VULHUB: VHN-134440 // PACKETSTORM: 150106 // PACKETSTORM: 150107 // PACKETSTORM: 150109 // PACKETSTORM: 150104 // PACKETSTORM: 150103

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lt	version:	12.9.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.8	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.8 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.1 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1 (macos high sierra 10.13.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1 (macos mojave 10.14)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.8 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.1 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2018-001 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.1 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2018-005 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.1 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2018-014978 // JVNDB: JVNDB-2018-008908 // NVD: CVE-2018-4409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4409
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4409
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-1512
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-134440
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4409
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134440
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4409
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134440 // JVNDB: JVNDB-2018-014978 // CNNVD: CNNVD-201810-1512 // NVD: CVE-2018-4409

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-134440 // JVNDB: JVNDB-2018-014978 // NVD: CVE-2018-4409

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1512

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1512

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014978

PATCH

title:	HT209198	url:	https://support.apple.com/en-us/HT209198	Trust: 1.6
title:	HT209192	url:	https://support.apple.com/en-us/HT209192	Trust: 1.6
title:	HT209194	url:	https://support.apple.com/en-us/HT209194	Trust: 1.6
title:	HT209196	url:	https://support.apple.com/en-us/HT209196	Trust: 1.6
title:	HT209197	url:	https://support.apple.com/en-us/HT209197	Trust: 1.6
title:	HT209192	url:	https://support.apple.com/ja-jp/HT209192	Trust: 0.8
title:	HT209194	url:	https://support.apple.com/ja-jp/HT209194	Trust: 0.8
title:	HT209196	url:	https://support.apple.com/ja-jp/HT209196	Trust: 0.8
title:	HT209197	url:	https://support.apple.com/ja-jp/HT209197	Trust: 0.8
title:	HT209198	url:	https://support.apple.com/ja-jp/HT209198	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra	url:	https://support.apple.com/en-us/HT209193	Trust: 0.8
title:	About the security content of watchOS 5.1	url:	https://support.apple.com/en-us/HT209195	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86489	Trust: 0.6

sources: JVNDB: JVNDB-2018-014978 // JVNDB: JVNDB-2018-008908 // CNNVD: CNNVD-201810-1512

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4409	Trust: 3.0
db:	JVN	id:	JVNVU96365720	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014978	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-008908	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1512	Trust: 0.7
db:	VULHUB	id:	VHN-134440	Trust: 0.1
db:	PACKETSTORM	id:	150106	Trust: 0.1
db:	PACKETSTORM	id:	150107	Trust: 0.1
db:	PACKETSTORM	id:	150109	Trust: 0.1
db:	PACKETSTORM	id:	150104	Trust: 0.1
db:	PACKETSTORM	id:	150103	Trust: 0.1

sources: VULHUB: VHN-134440 // JVNDB: JVNDB-2018-014978 // JVNDB: JVNDB-2018-008908 // PACKETSTORM: 150106 // PACKETSTORM: 150107 // PACKETSTORM: 150109 // PACKETSTORM: 150104 // PACKETSTORM: 150103 // CNNVD: CNNVD-201810-1512 // NVD: CVE-2018-4409

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-4409	Trust: 1.9
url:	https://support.apple.com/kb/ht209192	Trust: 1.7
url:	https://support.apple.com/kb/ht209194	Trust: 1.7
url:	https://support.apple.com/kb/ht209196	Trust: 1.7
url:	https://support.apple.com/kb/ht209197	Trust: 1.7
url:	https://support.apple.com/kb/ht209198	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4409	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96365720/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96365720/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4386	Trust: 0.5
url:	https://support.apple.com/kb/ht201222	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4372	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4378	Trust: 0.5
url:	https://www.apple.com/support/security/pgp/	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4392	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4382	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4416	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4375	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4376	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4377	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4373	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4398	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4374	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4394	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4371	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4369	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4413	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4368	Trust: 0.2
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4420	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4419	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4366	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4390	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4367	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4400	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4391	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4365	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4384	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4385	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4387	Trust: 0.1

CREDITS

Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH

Trust: 0.6

sources: CNNVD: CNNVD-201810-1512

SOURCES

db:	VULHUB	id:	VHN-134440
db:	JVNDB	id:	JVNDB-2018-014978
db:	JVNDB	id:	JVNDB-2018-008908
db:	PACKETSTORM	id:	150106
db:	PACKETSTORM	id:	150107
db:	PACKETSTORM	id:	150109
db:	PACKETSTORM	id:	150104
db:	PACKETSTORM	id:	150103
db:	CNNVD	id:	CNNVD-201810-1512
db:	NVD	id:	CVE-2018-4409

LAST UPDATE DATE

2024-11-23T21:31:35.854000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134440	date:	2019-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-014978	date:	2019-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	CNNVD	id:	CNNVD-201810-1512	date:	2019-04-10T00:00:00
db:	NVD	id:	CVE-2018-4409	date:	2024-11-21T04:07:21.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134440	date:	2019-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-014978	date:	2019-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	PACKETSTORM	id:	150106	date:	2018-10-31T15:49:44
db:	PACKETSTORM	id:	150107	date:	2018-10-31T15:49:54
db:	PACKETSTORM	id:	150109	date:	2018-10-31T15:55:08
db:	PACKETSTORM	id:	150104	date:	2018-10-31T15:48:57
db:	PACKETSTORM	id:	150103	date:	2018-10-31T15:48:45
db:	CNNVD	id:	CNNVD-201810-1512	date:	2018-10-31T00:00:00
db:	NVD	id:	CVE-2018-4409	date:	2019-04-03T18:29:13.847