Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-4227 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. | |||||
CVE-2017-2534 | 1 Apple | 1 Mac Os X | 2019-10-02 | 6.8 MEDIUM | 8.6 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a crafted app. | |||||
CVE-2018-4251 | 1 Apple | 1 Mac Os X | 2019-10-02 | 7.1 HIGH | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access. | |||||
CVE-2018-4202 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt. | |||||
CVE-2017-7150 | 1 Apple | 1 Mac Os X | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click. | |||||
CVE-2017-6981 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks. | |||||
CVE-2018-4180 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
CVE-2018-4181 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2019-10-02 | 4.9 MEDIUM | 5.5 MEDIUM |
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
CVE-2018-4182 | 1 Apple | 1 Mac Os X | 2019-10-02 | 7.2 HIGH | 8.2 HIGH |
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. | |||||
CVE-2018-4183 | 1 Apple | 1 Mac Os X | 2019-10-02 | 7.2 HIGH | 8.2 HIGH |
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. | |||||
CVE-2017-2519 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement. | |||||
CVE-2017-6990 | 1 Apple | 1 Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
CVE-2017-2518 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | |||||
CVE-2018-5383 | 2 Apple, Google | 3 Iphone Os, Mac Os X, Android | 2019-10-02 | 4.3 MEDIUM | 6.8 MEDIUM |
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | |||||
CVE-2017-2474 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2017-2509 | 1 Apple | 1 Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
CVE-2017-13860 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption. | |||||
CVE-2017-13851 | 1 Apple | 1 Mac Os X | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files. | |||||
CVE-2017-2461 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. | |||||
CVE-2017-6979 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-02 | 7.6 HIGH | 7.0 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |