Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x:10.12.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-13820 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2017-13819 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-13818 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-13817 |
An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-13816 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-13815 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-13814 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-13813 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-13812 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-13811 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-13810 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-13809 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-13808 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-13807 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-13804 |
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive. Published: November 12, 2017; 10:29:01 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-13801 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search. Published: November 12, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2017-13800 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Published: November 12, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-13799 |
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Published: November 12, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-13786 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter. Published: November 12, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.6 MEDIUM V2.0: 2.1 LOW |
CVE-2017-13782 |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions. Published: November 12, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |