CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-4336 – Apple Security Advisory 2018-10-30-11
https://notcve.org/view.php?id=CVE-2018-4336
25 Sep 2018 — A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Un problema de corrupción de memoria se abordó con una gestión de memoria mejorada. Este problema afectaba a iOS en versiones anteriores a la 12, macOS Mojave en versiones anteriores a la 10.14, tvOS en versiones anteriores a la 12, watchOS en versiones anteriores a la 5. APPLE-SA-2018-9-24-4 provides additional information for APPLE-SA-2018-9-17-1. iOS... • https://support.apple.com/kb/HT209106 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4353 – Apple Security Advisory 2018-10-30-9
https://notcve.org/view.php?id=CVE-2018-4353
25 Sep 2018 — A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. Se abordó un problema de configuración con restricciones adicionales. Este problema afectaba a macOS Mojave en versiones anteriores a la 10.14. macOS Mojave 10.14 addresses buffer overflow, code execution, denial of service, and information leakage vulnerabilities. • https://support.apple.com/kb/HT209139 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4338 – Apple macOS AirPort BrcmNIC Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-4338
17 Sep 2018 — A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. Un problema de validación se abordó con un saneamiento de entradas mejorado. Este problema afectaba a macOS Mojave en versiones anteriores a la 10.14. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. • https://support.apple.com/kb/HT209139 • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5383 – Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2018-5383
23 Jul 2018 — Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versio... • http://www.cs.technion.ac.il/~biham/BT • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4180 – cups: Local privilege escalation to root due to insecure environment variable handling
https://notcve.org/view.php?id=CVE-2018-4180
11 Jul 2018 — In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, existía un problema en CUPS. Este problema se abordó mediante la mejora de las restricciones de acceso. It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html • CWE-642: External Control of Critical State Data •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4183 – Gentoo Linux Security Advisory 201908-08
https://notcve.org/view.php?id=CVE-2018-4183
11 Jul 2018 — In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox. Multiple vulnerabilities have been found in CUPS, the worst of which could result in the arbitrary execution of code. Versions less than 2.2.8 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1607284 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-4181 – cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root
https://notcve.org/view.php?id=CVE-2018-4181
11 Jul 2018 — In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. En macOS High Sierra en versiones anteriores a la 10.13.5, existía un problema en CUPS. Este problema se abordó mediante la mejora de las restricciones de acceso. It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4182 – Gentoo Linux Security Advisory 201908-08
https://notcve.org/view.php?id=CVE-2018-4182
11 Jul 2018 — In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. En macOS High Sierra en versiones anteriores a la 10.13.5, se abordó un problema de acceso con restricciones adicionales del sandbox en CUPS. Multiple vulnerabilities have been found in CUPS, the worst of which could result in the arbitrary execution of code. Versions less than 2.2.8 are affected. • https://access.redhat.com/security/cve/cve-2018-4182 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4178 – Apple Security Advisory 2018-10-30-14
https://notcve.org/view.php?id=CVE-2018-4178
09 Jul 2018 — A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. Existía un problema de permisos en el que se permitía la ejecución de permisos de manera incorrecta. Este problema se abordó con una validación de permisos mejorada. • https://support.apple.com/kb/HT208937 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4285 – Apple Security Advisory 2018-10-30-14
https://notcve.org/view.php?id=CVE-2018-4285
09 Jul 2018 — A type confusion issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. Un problema de confusión de tipo se abordó con una gestión de memoria mejorada. Este problema afectaba a macOS High Sierra en versiones anteriores a la 10.13.6. macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan address buffer overflow, code execution, denial of service, information leakage, and null pointer vulnerabilities. • https://support.apple.com/kb/HT208937 • CWE-704: Incorrect Type Conversion or Cast •