| # | Code | Description |
|---|---|---|
| CVE-2018-4310 | code | MediaRemote: An access issue was addressed with additional sandbox restrictions |
| CVE-2018-4991 | code | Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass |
| CVE-2018-8412 | code | An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." This affects Microsoft Office |
| CVE-2019-8513 | code | TimeMachine: A local user may be able to execute arbitrary shell commands |
| CVE-2019-8530 | code | XPC: A malicious application may be able to overwrite arbitrary files |
| CVE-2019-8521 | code | Feedback Assistant: A malicious application may be able to overwrite arbitrary files |
| CVE-2019-8565 | code | Feedback Assistant: A malicious application may be able to gain root privileges |
| [N/A] | code | Patched before report, No CVE assigned. Full Safari logic sandbox escape up to macOS 10.13.6 |
| [N/A] | code ModJack HITB 2019 talk | Root to kernel privilege escalation on macOS 10.13.x. No CVE assigned. |
| CVE-2020-9979 | code | Assets: An attacker may be able to misuse a trust relationship to download malicious content |