CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13910
https://notcve.org/view.php?id=CVE-2017-13910
An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files. Se abordó un problema de acceso con restricciones adicionales de sandbox en las aplicaciones. Este problema es corregido en macOS High Sierra versión 10.13. • https://support.apple.com/en-us/HT208144 •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2018-4478
https://notcve.org/view.php?id=CVE-2018-4478
A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges. Se abordó un problema de comprobación con una lógica mejorada. Este problema es corregido en macOS High Sierra versión 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. • https://support.apple.com/en-us/HT208849 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13909
https://notcve.org/view.php?id=CVE-2017-13909
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens. Se presentó un problema en el almacenamiento de tokens confidenciales. • https://support.apple.com/en-us/HT208144 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13835
https://notcve.org/view.php?id=CVE-2017-13835
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges. Se abordó un problema de corrupción de memoria con un manejo de la memoria mejorada. Este problema es corregido en macOS High Sierra versión 10.13. • https://support.apple.com/en-us/HT208144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.2EPSS: 20%CPEs: 37EXPL: 0CVE-2021-44224 – Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
https://notcve.org/view.php?id=CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). Un URI diseñado que es enviado a httpd configurado como proxy directo (ProxyRequests on) puede causar un fallo (desreferencia de puntero NULL) o, en el caso de configuraciones que mezclan declaraciones de proxy directo e inverso, puede permitir que las peticiones se dirijan a un endpoint de socket de dominio Unix declarado (Server Side Request Forgery). Este problema afecta a Apache HTTP Server versiones 2.4.7 hasta 2.4.51 (incluyéndola) There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. • http://httpd.apache.org/security/vulnerabilities_24.html http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 http://www.openwall.com/lists/oss-security/2021/12/20/3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO https:// • CWE-476: NULL Pointer Dereference CWE-918: Server-Side Request Forgery (SSRF) •