National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.1.4
There are 2,948 matching records.
Displaying matches 341 through 360.
Vuln ID Summary CVSS Severity
CVE-2018-4935

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2018-4934

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-4933

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-4932

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2018-4920

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2018-4919

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Published: May 08, 2018; 02:29:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2018-4173

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.

Published: April 13, 2018; 01:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-4176

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.

Published: April 03, 2018; 02:29:08 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-4175

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.

Published: April 03, 2018; 02:29:08 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-4174

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.

Published: April 03, 2018; 02:29:08 AM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-4170

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.8 HIGH
    V2: 2.1 LOW
CVE-2018-4167

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2018-4166

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2018-4160

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2018-4158

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2018-4157

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2018-4156

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2018-4155

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2018-4154

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: April 03, 2018; 02:29:07 AM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH