1339 matches found
CVE-2018-4156
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app...
CVE-2018-4167
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a...
CVE-2018-4136
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service out-of-bounds read via a crafted app...
CVE-2018-4143
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause...
CVE-2018-4151
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app...
CVE-2018-4139
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2018-4132
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2018-4098
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2017-13827
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading...
CVE-2018-9143
On Samsung mobile devices with M6.0 and N7.x software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991...
Microsoft Windows Palette Object Race Condition Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32k.sys...
Microsoft Windows Palette Object Race Condition Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32k.sys...
The vulnerability of the Remote Management component of the Mac OS X operating system allows a hacker to trigger a maintenance failure or execute arbitrary code in a privileged context.
The vulnerability of the Remote Management component of the Mac OS X operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged context, or trigger a service failure...
Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-002)
According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the...
hw: cpu: speculative execution branch target injection
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...
CVE-2017-7155
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
CVE-2017-7163
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...
PT-2017-13147
Name of the Vulnerable Software and Affected Versions iOS versions prior to 11.2 macOS versions prior to 10.13.2 Description The issue involves the IOKit component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted...
ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The specific flaw exists within JPEG2000 parsing. The...
Microsoft Windows EngLockSurface Time-Of-Check Time-Of-Use Race Condition Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...