CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13850
https://notcve.org/view.php?id=CVE-2017-13850
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.12.6 se han visto afectadas. • https://support.apple.com/HT207922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13890
https://notcve.org/view.php?id=CVE-2017-13890
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de macOS anteriores a la 10.13.4 y 10.13. • http://www.securityfocus.com/bid/103579 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4154
https://notcve.org/view.php?id=CVE-2018-4154
03 Apr 2018 — An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.3 y las versiones de macOS anteriores a la 10.13. • http://www.securityfocus.com/bid/103581 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4156
https://notcve.org/view.php?id=CVE-2018-4156
03 Apr 2018 — An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.3 y las versiones de macOS anteriores a la 10.13. • http://www.securityfocus.com/bid/103581 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4175
https://notcve.org/view.php?id=CVE-2018-4175
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4138
https://notcve.org/view.php?id=CVE-2018-4138
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7170
https://notcve.org/view.php?id=CVE-2017-7170
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.1 se han visto afectadas. • https://support.apple.com/HT208221 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4176
https://notcve.org/view.php?id=CVE-2018-4176
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7070
https://notcve.org/view.php?id=CVE-2017-7070
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.12.4 se han visto afectadas. • https://support.apple.com/HT207615 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4108
https://notcve.org/view.php?id=CVE-2018-4108
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Management" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-20: Improper Input Validation •