CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-4371
https://notcve.org/view.php?id=CVE-2018-4371
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. Se abordó un problema de lectura fuera de límites con una validación de entradas mejorada. Este problema afectaba a iOS en versiones anteriores a la 12.1; macOS Mojave en versiones anteriores a la 10.14.1; tvOS en versiones anteriores a la 12.1 y watchOS 5.1. • https://support.apple.com/kb/HT209192 https://support.apple.com/kb/HT209193 https://support.apple.com/kb/HT209194 https://support.apple.com/kb/HT209195 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4422 – Apple macOS IOFramebufferUserClient Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-4422
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. Un problema de corrupción de memoria se abordó con una gestión de memoria mejorada. Este problema afectaba a macOS Mojave en versiones anteriores a la 10.14.1. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. • https://support.apple.com/kb/HT209193 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-4413 – Apple macOS sysctl_procargsx Uninitialized Buffer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-4413
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. Un problema de inicialización de memoria se abordó con una gestión de memoria mejorada. Este problema afectaba a iOS en versiones anteriores a la 12.1, macOS Mojave en versiones anteriores a la 10.14.1, tvOS en versiones anteriores a la 12.1, watchOS en versiones anteriores a la 5.1. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. • https://support.apple.com/kb/HT209192 https://support.apple.com/kb/HT209193 https://support.apple.com/kb/HT209194 https://support.apple.com/kb/HT209195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4410 – Apple macOS AppleGraphicsDevicePolicy Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-4410
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1. Un problema de corrupción de memoria se abordó con una validación de entradas mejorada. Este problema afectaba a macOS Mojave en versiones anteriores a la 10.14.1. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. • https://support.apple.com/kb/HT209193 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 52%CPEs: 14EXPL: 1CVE-2018-12015 – perl: Directory traversal in Archive::Tar
https://notcve.org/view.php?id=CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. En Perl hasta la versión 5.26.2, el módulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protección de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre. It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securityfocus.com/bid/104423 http://www.securitytracker.com/id/1041048 https://access.redhat.com/errata/RHSA-2019:2097 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 https://seclists.org/bugtraq/2019/Mar/42 https://security.netapp.com/advisory/ntap-20180927-0001 https://support.apple.com/kb/HT209600 https://usn.ubuntu.com/3684-1 https://usn.ubuntu.com/3684-2 https://www.debian.org/security/2018& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •