Total
29758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13910 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files. | |||||
| CVE-2017-13908 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share. | |||||
| CVE-2017-13907 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked. | |||||
| CVE-2017-13903 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door. | |||||
| CVE-2017-13892 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing. | |||||
| CVE-2017-13886 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions. | |||||
| CVE-2017-13880 | 1 Apple | 2 Iphone Os, Watchos | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege. | |||||
| CVE-2017-13874 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection. | |||||
| CVE-2017-13871 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient. | |||||
| CVE-2017-13860 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption. | |||||
| CVE-2017-13851 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files. | |||||
| CVE-2017-13846 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-13837 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key. | |||||
| CVE-2017-13832 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support. | |||||
| CVE-2017-13828 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text. | |||||
| CVE-2017-13827 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading. | |||||
| CVE-2017-13815 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-13806 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed. | |||||
| CVE-2017-13786 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter. | |||||
| CVE-2017-13775 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | |||||