Filtered by vendor Apple
Subscribe
Total
13013 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12754 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-12015 | 6 Apple, Archive\, Canonical and 3 more | 9 Mac Os X, \, Ubuntu Linux and 6 more | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | |||||
| CVE-2018-10470 | 2 Apple, Objective Development | 2 Macos, Little Snitch | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid. | |||||
| CVE-2018-0701 | 3 Apple, Bluestacks, Microsoft | 3 Macos, Bluestacks, Windows | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access. | |||||
| CVE-2018-0691 | 6 Apple, Google, Kddi and 3 more | 6 Iphone Os, Android, \+ Message and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2018-0397 | 2 Apple, Cisco | 2 Mac Os X, Advanced Malware Protection For Endpoints | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192. | |||||
| CVE-2018-0387 | 3 Apple, Cisco, Microsoft | 3 Macos, Webex Teams, Windows | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. | |||||
| CVE-2017-7836 | 3 Apple, Linux, Mozilla | 3 Mac Os X, Linux Kernel, Firefox | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57. | |||||
| CVE-2017-7173 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-7172 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-7171 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CoreAnimation" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-7170 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2017-7167 | 1 Apple | 1 Xcode | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code. | |||||
| CVE-2017-7165 | 3 Apple, Canonical, Microsoft | 8 Icloud, Iphone Os, Itunes and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-7164 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts. | |||||
| CVE-2017-7161 | 2 Apple, Canonical | 2 Safari, Ubuntu Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. | |||||
| CVE-2017-7153 | 3 Apple, Canonical, Microsoft | 8 Icloud, Iphone Os, Itunes and 5 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. | |||||
| CVE-2017-7151 | 2 Apple, Microsoft | 6 Iphone Os, Itunes, Mac Os X and 3 more | 2024-11-21 | 5.1 MEDIUM | 7.0 HIGH |
| A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4. | |||||
| CVE-2017-7075 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content. | |||||
| CVE-2017-7071 | 1 Apple | 1 Safari | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||