Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

CVE-2018-14462 | HIGH | CVSS 7.5 | fixed in 10.15.2 | 2019-10-03
CVE-2018-14462 [HIGH] CWE-125: The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
nvd
CVE-2019-15165 | MEDIUM | CVSS 5.3 | ≥ 10.13, < 10.13.6; v10.13.6; +2 more | 2019-10-03
CVE-2019-15165 [MEDIUM] CWE-770: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
nvd
CVE-2019-9506 | HIGH | CVSS 8.1 | v10.12.6; v10.13.6; +1 more | 2019-08-14
CVE-2019-9506 [HIGH] CWE-310: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
nvd
CVE-2019-11041 | HIGH | CVSS 7.1 | fixed in 10.15.1 | 2019-08-09
CVE-2019-11041 [HIGH] CWE-125: When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2019-11042 | HIGH | CVSS 7.1 | fixed in 10.15.1 | 2019-08-09
CVE-2019-11042 [HIGH] CWE-125: When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2019-13565 | HIGH | CVSS 7.5 | ≥ 10.13, < 10.13.6; ≥ 10.14, < 10.14.6; +3 more | 2019-07-26
CVE-2019-13565 [HIGH]: An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is re
nvd
CVE-2019-13057 | MEDIUM | CVSS 4.9 | ≥ 10.13, < 10.13.6; ≥ 10.14, < 10.14.6; +3 more | 2019-07-26
CVE-2019-13057 [MEDIUM]: An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or
nvd
CVE-2019-13118 | MEDIUM | CVSS 5.3 | v10.12.6; v10.13.6 | 2019-07-01
CVE-2019-13118 [MEDIUM] CWE-843: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
nvd
CVE-2018-4288 | CRITICAL | CVSS 9.8 | fixed in 10.13.6 | 2019-04-03
CVE-2018-4288 [CRITICAL] CWE-119: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
nvd
CVE-2018-4353 | CRITICAL | CVSS 9.8 | fixed in 10.14 | 2019-04-03
CVE-2018-4353 [CRITICAL] CWE-20: A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.
nvd
CVE-2018-4291 | CRITICAL | CVSS 9.8 | fixed in 10.13.6 | 2019-04-03
CVE-2018-4291 [CRITICAL] CWE-119: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
nvd
CVE-2018-4332 | CRITICAL | CVSS 9.8 | fixed in 10.14 | 2019-04-03
CVE-2018-4332 [CRITICAL] CWE-119: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
nvd
CVE-2018-4310 | CRITICAL | CVSS 10.0 | fixed in 10.14 | 2019-04-03
CVE-2018-4310 [CRITICAL] CWE-269: An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
nvd
CVE-2018-4286 | CRITICAL | CVSS 9.8 | fixed in 10.13.6 | 2019-04-03
CVE-2018-4286 [CRITICAL] CWE-119: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
nvd
CVE-2018-4259 | CRITICAL | CVSS 9.8 | fixed in 10.13.6 | 2019-04-03
CVE-2018-4259 [CRITICAL] CWE-119: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
nvd
CVE-2018-4295 | CRITICAL | CVSS 9.8 | fixed in 10.14 | 2019-04-03
CVE-2018-4295 [CRITICAL] CWE-20: An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
nvd
CVE-2018-4287 | CRITICAL | CVSS 9.8 | fixed in 10.13.6 | 2019-04-03
CVE-2018-4287 [CRITICAL] CWE-119: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
nvd
CVE-2018-4331 | CRITICAL | CVSS 9.8 | fixed in 10.14 | 2019-04-03
CVE-2018-4331 [CRITICAL] CWE-119: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
nvd
CVE-2018-4268 | CRITICAL | CVSS 9.8 | fixed in 10.13.6 | 2019-04-03
CVE-2018-4268 [CRITICAL] CWE-119: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
nvd
CVE-2018-4411 | HIGH | CVSS 7.8 | fixed in 10.14 | 2019-04-03
CVE-2018-4411 [HIGH] CWE-119: A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
nvd