Filtered by vendor Apple
Subscribe
Total
12299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2493 | 2 Apple, Microsoft | 5 Icloud, Iphone Os, Safari and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site. | |||||
| CVE-2017-2492 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. | |||||
| CVE-2017-2488 | 1 Apple | 1 Remote Desktop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords. | |||||
| CVE-2017-2411 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. | |||||
| CVE-2017-2375 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud. | |||||
| CVE-2017-18248 | 1 Apple | 1 Cups | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. | |||||
| CVE-2017-18190 | 3 Apple, Canonical, Debian | 3 Cups, Ubuntu Linux, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). | |||||
| CVE-2017-17689 | 16 9folders, Apple, Bloop and 13 more | 17 Nine, Mail, Airmail and 14 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | |||||
| CVE-2017-17688 | 11 Apple, Bloop, Emclient and 8 more | 11 Mail, Airmail, Emclient and 8 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification | |||||
| CVE-2017-16945 | 2 Apple, Haystacksoftware | 2 Macos, Arq | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | |||||
| CVE-2017-16928 | 2 Apple, Haystacksoftware | 2 Macos, Arq | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | |||||
| CVE-2017-13911 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2. | |||||
| CVE-2017-13910 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files. | |||||
| CVE-2017-13909 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens. | |||||
| CVE-2017-13908 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share. | |||||
| CVE-2017-13907 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked. | |||||
| CVE-2017-13906 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges. | |||||
| CVE-2017-13905 | 1 Apple | 5 Iphone Os, Mac Os X, Macos and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges. | |||||
| CVE-2017-13904 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-13892 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing. | |||||