Product:

Mac_os_x

(Apple)
Date Id Summary Products Score Patch Annotated
2019-04-03 CVE-2018-4470 A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6. Mac_os_x 3.3
2018-06-08 CVE-2018-4229 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists. Mac_os_x 10.0
2019-01-11 CVE-2018-4217 In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. Mac_os_x 7.5
2018-06-08 CVE-2018-4184 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access. Mac_os_x 7.5
2019-04-03 CVE-2018-4178 A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. Mac_os_x 5.5
2018-04-03 CVE-2018-4111 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. Mac_os_x 5.9
2018-04-03 CVE-2018-4106 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. Mac_os_x 8.8
2018-06-07 CVE-2018-12015 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. Mac_os_x, Archive\:\:tar, Ubuntu_linux, Debian_linux, Data_ontap_edge, Oncommand_workflow_automation, Snap_creator_framework, Snapdrive, Perl 7.5
2017-04-02 CVE-2017-2429 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action. Mac_os_x 7.5
2017-07-13 CVE-2017-11103 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE... Iphone_os, Mac_os_x, Debian_linux, Freebsd, Heimdal, Samba N/A