National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.2.7
There are 1,470 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2017-13817

An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-13816

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-13815

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2017-13814

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-13813

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-13812

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-13811

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2017-13810

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-13809

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-13808

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2017-13807

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-13804

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.

Published: November 12, 2017; 10:29:01 PM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-13801

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.

Published: November 12, 2017; 10:29:00 PM -05:00
V3: 3.3 LOW
V2: 2.1 LOW
CVE-2017-13800

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: November 12, 2017; 10:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2017-13799

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: November 12, 2017; 10:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2017-13786

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter.

Published: November 12, 2017; 10:29:00 PM -05:00
V3: 4.6 MEDIUM
V2: 2.1 LOW
CVE-2017-13782

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions.

Published: November 12, 2017; 10:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-7150

An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.

Published: October 22, 2017; 09:29:14 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-7149

An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value.

Published: October 22, 2017; 09:29:14 PM -04:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2017-7143

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness.

Published: October 22, 2017; 09:29:13 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW