National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.5.2
There are 1,441 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Published: August 07, 2018; 05:29:00 PM -04:00
V3: 6.8 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4253

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 5.5 MEDIUM
V2: 7.1 HIGH
CVE-2018-4251

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 5.5 MEDIUM
V2: 7.1 HIGH
CVE-2018-4249

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4243

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4242

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4241

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4240

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-4237

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-4236

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4235

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-4234

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: June 08, 2018; 02:29:02 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-4230

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.

Published: June 08, 2018; 02:29:01 PM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2018-4229

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.

Published: June 08, 2018; 02:29:01 PM -04:00
V3: 10.0 CRITICAL
V2: 10.0 HIGH
CVE-2018-4228

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.

Published: June 08, 2018; 02:29:01 PM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2018-4227

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.

Published: June 08, 2018; 02:29:01 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-4226

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.

Published: June 08, 2018; 02:29:01 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-4225

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications.

Published: June 08, 2018; 02:29:01 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-4224

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.

Published: June 08, 2018; 02:29:01 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-4223

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.

Published: June 08, 2018; 02:29:01 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW