CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8606 – Apple macOS kextutil Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8606
14 May 2019 — A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. A local user may be able to load unsigned kernel extensions. Se presentó un problema de comprobación en el manejo de enlaces simbólicos. • https://support.apple.com/HT210119 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 8%CPEs: 4EXPL: 3CVE-2019-8591 – Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
https://notcve.org/view.php?id=CVE-2019-8591
14 May 2019 — A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory. Un problema de confusión de tipos fue abordado mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.3, macOS Mojave versión 10.14.5, tvOS versión 12.3, watchOS versión 5.2.1. • https://packetstorm.news/files/id/152994 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13911
https://notcve.org/view.php?id=CVE-2017-13911
03 Apr 2019 — A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2. Un problema de configuración se abordó con restricciones adicionales. El problema afectaba a macOS X El Capitan, en versiones anteriores a 10.11.6 con la actualización de seguridad 2018-002; macOS Sierra, en versiones anteriores a la 10.12.6 con la actualización de seguridad 2018-... • https://support.apple.com/kb/HT208331 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4456 – Apple Security Advisory 2019-5-13-2
https://notcve.org/view.php?id=CVE-2018-4456
03 Apr 2019 — A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14. Un problema de corrupción de memoria se abordó con una validación de entradas mejorada. Este problema afectaba a macOS High Sierra en versiones anteriores a la 10.13.6 y macOS Mojave en versiones anteriores a la 10.14. macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and addresses bypass and c... • http://seclists.org/fulldisclosure/2019/May/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4470
https://notcve.org/view.php?id=CVE-2018-4470
03 Apr 2019 — A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6. Un problema de privacidad en la gestión de los registros de Open Directory se abordó con una indexación mejorada. Este problema afectaba a macOS High Sierra en versiones anteriores a la 10.13.6. • https://support.apple.com/kb/HT208937 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4421
https://notcve.org/view.php?id=CVE-2018-4421
03 Apr 2019 — A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. Un problema de inicialización de memoria se abordó con una gestión de memoria mejorada. Este problema afectaba a macOS Mojave en versiones anteriores a la 10.14.1. • https://support.apple.com/kb/HT209193 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7151
https://notcve.org/view.php?id=CVE-2017-7151
03 Apr 2019 — A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4. Una condición de carrera se abordó con una validación adicional. El problema afectaba a iOS, en versiones anteriores a la 11.2; macOS High Sierra,en versiones anteriores a la 10.13.2; tvOS, en versiones anteriores a la 11.2; watchOS, en versiones anteriores a la 4.2; iTunes para Windows, en versione... • https://support.apple.com/kb/HT208325 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.6EPSS: 28%CPEs: 2EXPL: 2CVE-2019-8565 – Apple Mac OS X - Feedback Assistant Race Condition
https://notcve.org/view.php?id=CVE-2019-8565
26 Mar 2019 — A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges. Una condición de carrera se abordó con comprobación adicional. Este problema es corregido en iOS versión 12.2, macOS Mojave versión 10.14.4. • https://packetstorm.news/files/id/152996 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 1%CPEs: 4EXPL: 3CVE-2019-6207 – Apple Security Advisory 2019-3-25-2
https://notcve.org/view.php?id=CVE-2019-6207
26 Mar 2019 — An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. Se presentó un problema de lectura fuera de límites que condujo a la divulgación de la memoria del kernel. • https://github.com/maldiohead/CVE-2019-6207 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-6237 – Apple Safari createRenderers Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6237
26 Mar 2019 — Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.3, macOS Mojave versión 10.14.5, tvOS versión 12.3, Safari versión 12.1.1, iTune... • https://support.apple.com/HT210118 • CWE-787: Out-of-bounds Write •