4.3

CVE-2018-4278

EPSS 0.51%
Veröffentlicht 11.01.2019 18:29:02
Zuletzt bearbeitet 21.11.2024 04:07:06
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Safari Version < 11.1.2

Apple ≫ iPhone OS Version < 11.4.1

Apple ≫ tvOS Version < 11.4.1

Apple ≫ iCloud Version < 7.6

Microsoft ≫ Windows

Apple ≫ iTunes Version < 12.8

Microsoft ≫ Windows

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.658

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

https://security.gentoo.org/glsa/201808-04

Third Party Advisory

https://usn.ubuntu.com/3743-1/

Third Party Advisory

http://www.securitytracker.com/id/1041232

Third Party Advisory

VDB Entry

https://support.apple.com/HT208934%2C

https://support.apple.com/HT208938%2C

https://support.apple.com/HT208932

Vendor Advisory

https://support.apple.com/HT208933%2C

https://support.apple.com/HT208936%2C

https://exchange.xforce.ibmcloud.com/vulnerabilities/146479

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-4278

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-4278

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-4278

EUVD