Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Macos
Total 3179 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3112 6 Adobe, Apple, Google and 3 more 10 Flash Player, Macos, Chrome Os and 7 more 2024-02-04 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
CVE-2017-5088 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2017-5081 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2024-02-04 2.1 LOW 3.3 LOW
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
CVE-2017-9977 2 Apple, Avg 2 Macos, Anti-virus 2024-02-04 5.0 MEDIUM 7.5 HIGH
AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files.
CVE-2017-5120 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
CVE-2017-5121 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
CVE-2017-5105 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5061 5 Apple, Google, Linux and 2 more 7 Macos, Chrome, Linux Kernel and 4 more 2024-02-04 2.6 LOW 5.3 MEDIUM
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-5060 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5073 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-3099 6 Adobe, Apple, Google and 3 more 11 Flash Player, Mac Os X, Macos and 8 more 2024-02-04 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.
CVE-2017-16541 5 Apple, Debian, Linux and 2 more 10 Macos, Debian Linux, Linux Kernel and 7 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
CVE-2017-11282 6 Adobe, Apple, Google and 3 more 10 Flash Player, Macos, Chrome Os and 7 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-5113 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5118 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2017-5114 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
CVE-2017-3100 6 Adobe, Apple, Google and 3 more 11 Flash Player, Mac Os X, Macos and 8 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.
CVE-2017-5098 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5066 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.
CVE-2017-3085 6 Adobe, Apple, Google and 3 more 11 Flash Player, Mac Os X, Macos and 8 more 2024-02-04 4.3 MEDIUM 7.4 HIGH
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.