Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2534 | 1 Apple | 1 Mac Os X | 2019-10-02 | 6.8 MEDIUM | 8.6 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a crafted app. | |||||
CVE-2017-2535 | 1 Apple | 1 Mac Os X | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app. | |||||
CVE-2018-5383 | 2 Apple, Google | 3 Iphone Os, Mac Os X, Android | 2019-10-02 | 4.3 MEDIUM | 6.8 MEDIUM |
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | |||||
CVE-2018-4227 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. | |||||
CVE-2017-2509 | 1 Apple | 1 Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
CVE-2017-2516 | 1 Apple | 1 Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.0 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
CVE-2017-2502 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
CVE-2017-2518 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | |||||
CVE-2017-2519 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement. | |||||
CVE-2017-13851 | 1 Apple | 1 Mac Os X | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files. | |||||
CVE-2017-2520 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | |||||
CVE-2018-4202 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt. | |||||
CVE-2017-2474 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2017-7150 | 1 Apple | 1 Mac Os X | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click. | |||||
CVE-2018-4180 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
CVE-2018-4182 | 1 Apple | 1 Mac Os X | 2019-10-02 | 7.2 HIGH | 8.2 HIGH |
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. | |||||
CVE-2018-4173 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app. | |||||
CVE-2018-4181 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2019-10-02 | 4.9 MEDIUM | 5.5 MEDIUM |
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
CVE-2018-4174 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface. | |||||
CVE-2018-4183 | 1 Apple | 1 Mac Os X | 2019-10-02 | 7.2 HIGH | 8.2 HIGH |
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. |