CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2018-4243 – Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist
https://notcve.org/view.php?id=CVE-2018-4243
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.4, las versiones de macOS anteriores a la 10.13.5, las versiones de tvOS anteriores a la 11.4 y las versiones de watchOS anteriores a la 4.3.1 se han visto afectadas. • https://www.exploit-db.com/exploits/44848 http://www.securitytracker.com/id/1041027 https://bugs.chromium.org/p/project-zero/issues/detail?id=1564 https://support.apple.com/HT208848 https://support.apple.com/HT208849 https://support.apple.com/HT208850 https://support.apple.com/HT208851 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2018-4211
https://notcve.org/view.php?id=CVE-2018-4211
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.4, las versiones de macOS anteriores a la 10.13.5, las versiones de tvOS anteriores a la 11.4 y las versiones de watchOS anteriores a la 4.3.1 se han visto afectadas. • http://www.securitytracker.com/id/1041027 https://support.apple.com/HT208848 https://support.apple.com/HT208849 https://support.apple.com/HT208850 https://support.apple.com/HT208851 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 2CVE-2018-4230 – Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver
https://notcve.org/view.php?id=CVE-2018-4230
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • https://www.exploit-db.com/exploits/44847 http://www.securitytracker.com/id/1041027 https://bugs.chromium.org/p/project-zero/issues/detail?id=1549 https://support.apple.com/HT208849 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4236
https://notcve.org/view.php?id=CVE-2018-4236
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • http://www.securitytracker.com/id/1041027 https://support.apple.com/HT208849 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4219
https://notcve.org/view.php?id=CVE-2018-4219
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • http://www.securitytracker.com/id/1041027 https://support.apple.com/HT208849 • CWE-704: Incorrect Type Conversion or Cast •