Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.0.0
There are 3,015 matching records.
Displaying matches 401 through 420.
Vuln ID Summary CVSS Severity
CVE-2017-7836

The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57.

Published: June 11, 2018; 5:29:11 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2017-7825

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Published: June 11, 2018; 5:29:11 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2018-4253

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2018-4251

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2018-4249

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-4243

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-4242

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-4241

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-4240

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-4237

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-4236

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-4235

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-4234

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: June 08, 2018; 2:29:02 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-4230

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.

Published: June 08, 2018; 2:29:01 PM -0400
V3.0: 7.0 HIGH
V2.0: 7.6 HIGH
CVE-2018-4229

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.

Published: June 08, 2018; 2:29:01 PM -0400
V3.0: 10.0 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-4228

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.

Published: June 08, 2018; 2:29:01 PM -0400
V3.0: 7.0 HIGH
V2.0: 7.6 HIGH
CVE-2018-4227

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.

Published: June 08, 2018; 2:29:01 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-4226

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.

Published: June 08, 2018; 2:29:01 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-4225

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications.

Published: June 08, 2018; 2:29:01 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-4224

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.

Published: June 08, 2018; 2:29:01 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW