Total
5568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4259 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
|
|||||
| CVE-2018-4258 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.
|
|||||
| CVE-2018-4257 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.
|
|||||
| CVE-2018-4256 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
|
|||||
| CVE-2018-4255 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
|
|||||
| CVE-2018-4254 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.
|
|||||
| CVE-2018-4253 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.
|
|||||
| CVE-2018-4251 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access.
|
|||||
| CVE-2018-4249 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.
|
|||||
| CVE-2018-4248 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
|
|||||
| CVE-2018-4243 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
|||||
| CVE-2018-4242 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2018-4241 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
|||||
| CVE-2018-4240 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.
|
|||||
| CVE-2018-4237 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.
|
|||||
| CVE-2018-4236 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2018-4235 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.
|
|||||
| CVE-2018-4234 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2018-4230 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.6 HIGH | 7.0 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.
|
|||||
| CVE-2018-4229 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.
|
|||||
| CVE-2018-4228 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.6 HIGH | 7.0 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.
|
|||||
| CVE-2018-4227 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.
|
|||||
| CVE-2018-4226 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.
|
|||||
| CVE-2018-4225 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications.
|
|||||
| CVE-2018-4224 | 2 Apple, Microsoft | 7 Apple Tv, Icloud, Iphone Os and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.
|
|||||
| CVE-2018-4223 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.
|
|||||
| CVE-2018-4221 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.
|
|||||
| CVE-2018-4219 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.
|
|||||
| CVE-2018-4217 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing.
|
|||||
| CVE-2018-4211 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
|
|||||
| CVE-2018-4206 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.
|
|||||
| CVE-2018-4203 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
|
|||||
| CVE-2018-4202 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.
|
|||||
| CVE-2018-4198 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.
|
|||||
| CVE-2018-4196 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app.
|
|||||
| CVE-2018-4194 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
|
|||||
| CVE-2018-4193 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2018-4189 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.
|
|||||
| CVE-2018-4187 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
|
|||||
| CVE-2018-4185 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
|
|||||