17 matches found
CVE-2024-45596
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId...
SUSE CVE-2018-4089
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2017-13889
CVE-2017-13889 affects macOS High Sierra prior to 10.13.3, with a logic error in credentials validation. Apple’s security content notes the issue as a memory/validation flaw in credential handling, addressed by improved credential validation in Security Update 2018-001 Sierra/El Capitan and the 1...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari
CVE-2018-4121 - Safari Wasm Sections POC RCE Exploit by MWR L...
CVE-2018-4091
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism...
CVE-2018-4097
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...
CVE-2018-4083
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app...
Memory corruption
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is...
Memory corruption
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is...
CVE-2018-4090
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a...
CVE-2018-4083
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app...
Mac OS X APFS Encrypted Volume Password Disclosure
This module exploits a flaw in OSX 10.13 through 10.13.3 that discloses the passwords of encrypted APFS volumes. In OSX a normal user can use the 'log' command to view the system logs. In OSX 10.13 to 10.13.2 when a user creates an encrypted APFS volume the password is visible in plaintext within...
macOS 10.13.3 Supplemental Update
The remote host is running a version of macOS 10.13.3 that is missing the macOS 10.13.3 Supplemental Update. This update fixes an input-validation flaw, which allows an attacker to cause memory corruption leading to application crashes and potentially to arbitrary code execution. TRUSTED...
Apple Promises Fix for Latest ‘Text Bomb’ Bug As Abuse Spreads
UPDATE Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters. On Monday, it made good on the promise and announced the availability of a patch (CVE-2018-4124) for iOS 11.2.6, watchOS 4.2.3, tvOS...
Apple macOS High Sierra IOHIDFamily Memory Corruption Vulnerability
Apple macOS High Sierra is a proprietary operating system developed by Apple for Mac computers, of which the IOHIDFamily API is a component of the Kernel Extension Abstract Interface for Human Interface Devices API. A security vulnerability exists in the IOHIDFamily component in Apple macOS High...
CVE-2018-4096
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is...
Apple macOS High Sierra Wi-Fi Memory Read Vulnerability
Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers. Wi-Fi is one of the wireless Internet components. A security vulnerability exists in the Wi-Fi component of Apple macOS High Sierra versions prior to 10.13.3. An attacker could exploit the vulnerability...