CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4176
https://notcve.org/view.php?id=CVE-2018-4176
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4106
https://notcve.org/view.php?id=CVE-2018-4106
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-4139 – Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules
https://notcve.org/view.php?id=CVE-2018-4139
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • https://packetstorm.news/files/id/147420 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4105
https://notcve.org/view.php?id=CVE-2018-4105
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4107
https://notcve.org/view.php?id=CVE-2018-4107
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7170
https://notcve.org/view.php?id=CVE-2017-7170
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.1 se han visto afectadas. • https://support.apple.com/HT208221 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4112
https://notcve.org/view.php?id=CVE-2018-4112
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4136
https://notcve.org/view.php?id=CVE-2018-4136
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4170
https://notcve.org/view.php?id=CVE-2018-4170
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4132
https://notcve.org/view.php?id=CVE-2018-4132
03 Apr 2018 — An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.4 se han visto afectadas. • http://www.securityfocus.com/bid/103582 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •