Search
Total
5437 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13829 | 1 Apple | 1 Mac Os X | 2017-11-27 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-13830 | 1 Apple | 1 Mac Os X | 2017-11-27 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-13831 | 1 Apple | 1 Mac Os X | 2017-11-27 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image. | |||||
| CVE-2017-13819 | 1 Apple | 1 Mac Os X | 2017-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents. | |||||
| CVE-2017-13818 | 1 Apple | 1 Mac Os X | 2017-11-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-13817 | 1 Apple | 1 Mac Os X | 2017-11-27 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions. | |||||
| CVE-2017-13816 | 1 Apple | 1 Mac Os X | 2017-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. | |||||
| CVE-2017-13815 | 1 Apple | 1 Mac Os X | 2017-11-27 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-13814 | 1 Apple | 1 Mac Os X | 2017-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file. | |||||
| CVE-2017-13813 | 1 Apple | 1 Mac Os X | 2017-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. | |||||
| CVE-2017-13812 | 1 Apple | 1 Mac Os X | 2017-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file. | |||||
| CVE-2017-13811 | 1 Apple | 1 Mac Os X | 2017-11-27 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-13810 | 1 Apple | 1 Mac Os X | 2017-11-27 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters. | |||||
| CVE-2017-13809 | 1 Apple | 1 Mac Os X | 2017-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile. | |||||
| CVE-2017-13808 | 1 Apple | 1 Mac Os X | 2017-11-27 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-13807 | 1 Apple | 1 Mac Os X | 2017-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file. | |||||
| CVE-2017-13800 | 1 Apple | 1 Mac Os X | 2017-11-27 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-13801 | 1 Apple | 1 Mac Os X | 2017-11-27 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search. | |||||
| CVE-2017-13782 | 1 Apple | 1 Mac Os X | 2017-11-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions. | |||||
| CVE-2016-4736 | 1 Apple | 1 Mac Os X | 2017-11-14 | 9.3 HIGH | 8.8 HIGH |
| libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2015-3113 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2017-11-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | |||||
| CVE-2014-8517 | 2 Apple, Netbsd | 2 Mac Os X, Netbsd | 2017-11-06 | 7.5 HIGH | N/A |
| The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | |||||
| CVE-2015-8472 | 2 Apple, Libpng | 2 Mac Os X, Libpng | 2017-11-04 | 7.5 HIGH | 7.3 HIGH |
| Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. | |||||
| CVE-2017-7138 | 1 Apple | 1 Mac Os X | 2017-10-26 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner. | |||||
| CVE-2017-7141 | 1 Apple | 1 Mac Os X | 2017-10-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message. | |||||
| CVE-2017-7082 | 1 Apple | 1 Mac Os X | 2017-10-26 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts. | |||||
| CVE-2017-7077 | 1 Apple | 1 Mac Os X | 2017-10-26 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-7076 | 1 Apple | 1 Mac Os X | 2017-10-26 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. | |||||
| CVE-2017-7074 | 1 Apple | 1 Mac Os X | 2017-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2017-7121 | 1 Apple | 1 Mac Os X | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-7119 | 1 Apple | 1 Mac Os X | 2017-10-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-7125 | 1 Apple | 1 Mac Os X | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-7126 | 1 Apple | 1 Mac Os X | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-7124 | 1 Apple | 1 Mac Os X | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-7122 | 1 Apple | 1 Mac Os X | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-7123 | 1 Apple | 1 Mac Os X | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-2533 | 1 Apple | 1 Mac Os X | 2017-10-25 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2007-0345 | 1 Apple | 1 Mac Os X | 2017-10-19 | 6.8 MEDIUM | N/A |
| The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | |||||
| CVE-2007-0355 | 1 Apple | 2 Mac Os X, Minimal Slp Service Agent | 2017-10-19 | 7.2 HIGH | N/A |
| Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. | |||||
| CVE-2004-0539 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-10-12 | 10.0 HIGH | N/A |
| The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-0538 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-10-12 | 7.5 HIGH | N/A |
| LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user. | |||||
| CVE-2007-2736 | 9 Achievo, Apple, Hp and 6 more | 18 Achievo, A Ux, Mac Os X and 15 more | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2007-0464 | 2 Apple, Cfnetwork | 2 Mac Os X, Cfnetwork | 2017-10-11 | 5.0 MEDIUM | N/A |
| The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. | |||||
| CVE-2007-0236 | 1 Apple | 1 Mac Os X | 2017-10-11 | 10.0 HIGH | N/A |
| Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. | |||||
| CVE-2004-0923 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2017-10-11 | 2.1 LOW | N/A |
| CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords. | |||||
| CVE-2004-0823 | 2 Apple, Openldap | 3 Mac Os X, Mac Os X Server, Openldap | 2017-10-11 | 7.5 HIGH | N/A |
| OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. | |||||
| CVE-2004-0803 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. | |||||
| CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||||
| CVE-2002-1268 | 1 Apple | 1 Mac Os X | 2017-10-10 | 4.6 MEDIUM | N/A |
| Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD." | |||||
| CVE-2002-1267 | 1 Apple | 1 Mac Os X | 2017-10-10 | 5.0 MEDIUM | N/A |
| Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible." | |||||