CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4289 – Apple Security Advisory 2018-10-30-14
https://notcve.org/view.php?id=CVE-2018-4289
09 Jul 2018 — An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. Este problema afectaba a macOS High Sierra en versiones anteriores a la 10.13.6. macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan address buffer overflow, code execution, denial of service, information leakage, and null pointe... • https://support.apple.com/kb/HT208937 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4178 – Apple Security Advisory 2018-10-30-14
https://notcve.org/view.php?id=CVE-2018-4178
09 Jul 2018 — A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. Existía un problema de permisos en el que se permitía la ejecución de permisos de manera incorrecta. Este problema se abordó con una validación de permisos mejorada. • https://support.apple.com/kb/HT208937 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 4%CPEs: 14EXPL: 1CVE-2018-12015 – perl: Directory traversal in Archive::Tar
https://notcve.org/view.php?id=CVE-2018-12015
07 Jun 2018 — In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. En Perl hasta la versión 5.26.2, el módulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protección de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre. ... • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 10%CPEs: 4EXPL: 2CVE-2018-4240 – Apple macOS 10.13.4 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-4240
01 Jun 2018 — An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.4, las versiones de macOS anteriores a la 10.13.5, las versiones de tvOS anteriores a la 11.4 y las versiones de... • https://packetstorm.news/files/id/149330 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-4242 – Apple Security Advisory 2018-10-30-2
https://notcve.org/view.php?id=CVE-2018-4242
01 Jun 2018 — An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • https://github.com/yeonnic/Look-at-The-XNU-Through-A-Tube-CVE-2018-4242-Write-up-Translation- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4221 – Apple Security Advisory 2018-06-01-1
https://notcve.org/view.php?id=CVE-2018-4221
01 Jun 2018 — An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.4 y las versiones de macOS anteriores a la 10.13.5. • http://www.securityfocus.com/bid/104897 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4251 – Apple Security Advisory 2018-06-01-1
https://notcve.org/view.php?id=CVE-2018-4251
01 Jun 2018 — An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • http://seclists.org/fulldisclosure/2019/Mar/45 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 2CVE-2018-4237 – Apple macOS task_set_special_port Port Overwrite Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-4237
01 Jun 2018 — An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.4, las versiones de macOS anteriores a la 10.13.5, las versiones de tvOS anteriores a la 11.4 y las versio... • https://packetstorm.news/files/id/150488 •
CVSS: 9.3EPSS: 6%CPEs: 4EXPL: 4CVE-2018-4243 – Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist
https://notcve.org/view.php?id=CVE-2018-4243
01 Jun 2018 — An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.4, las versiones de macOS anteriores a la 10.13.5, las versiones de tvO... • https://packetstorm.news/files/id/148062 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-4225 – Apple Security Advisory 2018-06-01-1
https://notcve.org/view.php?id=CVE-2018-4225
01 Jun 2018 — An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.4, las versiones de macO... • http://www.securityfocus.com/bid/104889 • CWE-20: Improper Input Validation •