CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4173
https://notcve.org/view.php?id=CVE-2018-4173
13 Apr 2018 — An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11,3 y las versiones de macOS anteriores a la 10.13. • https://support.apple.com/HT208692 • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4111
https://notcve.org/view.php?id=CVE-2018-4111
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4132
https://notcve.org/view.php?id=CVE-2018-4132
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4170
https://notcve.org/view.php?id=CVE-2018-4170
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4106
https://notcve.org/view.php?id=CVE-2018-4106
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13850
https://notcve.org/view.php?id=CVE-2017-13850
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.12.6 se han visto afectadas. • https://support.apple.com/HT207922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13890
https://notcve.org/view.php?id=CVE-2017-13890
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de macOS anteriores a la 10.13.4 y 10.13. • http://www.securityfocus.com/bid/103579 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4154
https://notcve.org/view.php?id=CVE-2018-4154
03 Apr 2018 — An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.3 y las versiones de macOS anteriores a la 10.13. • http://www.securityfocus.com/bid/103581 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4156
https://notcve.org/view.php?id=CVE-2018-4156
03 Apr 2018 — An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.3 y las versiones de macOS anteriores a la 10.13. • http://www.securityfocus.com/bid/103581 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4175
https://notcve.org/view.php?id=CVE-2018-4175
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-20: Improper Input Validation •