CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4234
https://notcve.org/view.php?id=CVE-2018-4234
01 Jun 2018 — An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • http://www.securitytracker.com/id/1041027 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4236
https://notcve.org/view.php?id=CVE-2018-4236
01 Jun 2018 — An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • http://www.securitytracker.com/id/1041027 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 5CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
08 May 2018 — A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, ... • https://www.exploit-db.com/exploits/44697 • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 10%CPEs: 4EXPL: 2CVE-2018-4206 – Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules
https://notcve.org/view.php?id=CVE-2018-4206
26 Apr 2018 — An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.3.1, la... • https://www.exploit-db.com/exploits/44562 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4187
https://notcve.org/view.php?id=CVE-2018-4187
26 Apr 2018 — An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.3.1, las versiones de macOS anteriores a la 10.13.4 Security Update 2018-001 se han visto afectadas. • http://www.securityfocus.com/bid/103957 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4173
https://notcve.org/view.php?id=CVE-2018-4173
13 Apr 2018 — An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11,3 y las versiones de macOS anteriores a la 10.13. • https://support.apple.com/HT208692 • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4111
https://notcve.org/view.php?id=CVE-2018-4111
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4132
https://notcve.org/view.php?id=CVE-2018-4132
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4170
https://notcve.org/view.php?id=CVE-2018-4170
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4106
https://notcve.org/view.php?id=CVE-2018-4106
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •