Apple Mac OS X 10.4.10

CPE Details

Apple Mac OS X 10.4.10
10.4.10
2007-08-23 19:16 +00:00
2008-04-15 20:37 +00:00

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*

Informations

Vendor

apple

Product

mac_os_x

Version

10.4.10

Related CVE

Open and find in CVE List

<
CVE ID Published Description Score Severity
CVE-2021-3187 2023-12-10 23:00 +00:00 An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)
8.8
HIGH
CVE-2023-28143 2023-04-18 15:54 +00:00 Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. Attackers may gain writable access to files during the install of PKG when extraction of the package and copying files to several directories, enabling a local escalation of privilege.
7
HIGH
CVE-2022-32849 2022-09-22 22:00 +00:00 An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
5.5
MEDIUM
CVE-2022-2294 2022-07-27 22:00 +00:00 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
HIGH
CVE-2022-26766 2022-05-26 17:22 +00:00 A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
5.5
MEDIUM
CVE-2022-26763 2022-05-26 17:19 +00:00 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2022-26761 2022-05-26 17:18 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2022-26757 2022-05-26 17:18 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2022-26756 2022-05-26 17:17 +00:00 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2022-26755 2022-05-26 17:16 +00:00 This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.
6.3
MEDIUM
CVE-2022-26751 2022-05-26 17:12 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2022-26748 2022-05-26 17:10 +00:00 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2022-26746 2022-05-26 17:08 +00:00 This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
5.5
MEDIUM
CVE-2022-26726 2022-05-26 16:56 +00:00 This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
6.5
MEDIUM
CVE-2022-26722 2022-05-26 16:53 +00:00 A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
7.8
HIGH
CVE-2022-26721 2022-05-26 16:52 +00:00 A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
7.8
HIGH
CVE-2022-26720 2022-05-26 16:51 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2022-26715 2022-05-26 16:50 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2022-26714 2022-05-26 16:49 +00:00 A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2022-22597 2022-03-18 16:59 +00:00 A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.
7.8
HIGH
CVE-2022-22593 2022-03-18 16:59 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2022-22579 2022-03-18 16:59 +00:00 An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2019-8702 2021-12-23 18:48 +00:00 This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.
5.5
MEDIUM
CVE-2019-8703 2021-12-23 18:48 +00:00 This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.
9.8
CRITICAL
CVE-2018-4302 2021-12-23 18:48 +00:00 A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2019-8643 2021-12-23 18:48 +00:00 CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..
9.8
CRITICAL
CVE-2017-13910 2021-12-23 18:48 +00:00 An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.
5.5
MEDIUM
CVE-2018-4478 2021-12-23 18:48 +00:00 A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.
6.8
MEDIUM
CVE-2017-13909 2021-12-23 18:48 +00:00 An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.
5.5
MEDIUM
CVE-2017-13835 2021-12-23 18:48 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.
7.8
HIGH
CVE-2021-30834 2021-10-28 16:17 +00:00 A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2021-30821 2021-10-28 16:17 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2021-30824 2021-10-28 16:17 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2021-30935 2021-08-24 16:50 +00:00 A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.
8.8
HIGH
CVE-2021-30919 2021-08-24 16:50 +00:00 An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.
7.8
HIGH
CVE-2021-30917 2021-08-24 16:50 +00:00 A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2021-30916 2021-08-24 16:50 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2021-30915 2021-08-24 16:50 +00:00 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field.
2.4
LOW
CVE-2021-30912 2021-08-24 16:50 +00:00 The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items.
5.5
MEDIUM
CVE-2021-30911 2021-08-24 16:50 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, iOS 15.1 and iPadOS 15.1, macOS Big Sur 11.6.1. Processing a maliciously crafted USD file may disclose memory contents.
5.5
MEDIUM
CVE-2021-30910 2021-08-24 16:50 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted file may disclose user information.
5.5
MEDIUM
CVE-2021-30909 2021-08-24 16:50 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2021-30907 2021-08-24 16:50 +00:00 An integer overflow was addressed through improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2021-30901 2021-08-24 16:50 +00:00 Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2021-30899 2021-08-24 16:50 +00:00 A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
7
HIGH
CVE-2021-30892 2021-08-24 16:49 +00:00 An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to modify protected parts of the file system.
5.5
MEDIUM
CVE-2021-30881 2021-08-24 16:49 +00:00 An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Unpacking a maliciously crafted archive may lead to arbitrary code execution.
7.8
HIGH
CVE-2021-30865 2021-08-24 16:49 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2021-30859 2021-08-24 16:49 +00:00 A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2021-30857 2021-08-24 16:49 +00:00 A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.
7
HIGH
CVE-2021-30855 2021-08-24 16:49 +00:00 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.
5.5
MEDIUM
CVE-2021-1797 2021-04-02 16:04 +00:00 The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.
5.5
MEDIUM
CVE-2020-27938 2021-04-02 15:36 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2020-27937 2021-04-02 15:35 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to access private information.
5.5
MEDIUM
CVE-2020-27936 2021-04-02 15:34 +00:00 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2020-27923 2021-04-02 15:33 +00:00 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-27931 2021-04-02 15:32 +00:00 A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-27922 2021-04-02 15:32 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-27924 2021-04-02 15:32 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-27935 2021-04-02 15:32 +00:00 Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions.
6.3
MEDIUM
CVE-2020-27921 2021-04-02 15:31 +00:00 A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
7
HIGH
CVE-2020-27920 2021-04-02 15:31 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution.
8.8
HIGH
CVE-2020-27908 2021-04-02 15:31 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-27914 2021-04-02 15:30 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2020-27915 2021-04-02 15:30 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2020-27919 2021-04-02 15:29 +00:00 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-10001 2021-04-02 15:24 +00:00 An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.
5.5
MEDIUM
CVE-2020-9926 2021-04-02 15:23 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2020-9930 2021-04-02 15:13 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2020-8286 2020-12-14 18:39 +00:00 curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
7.5
HIGH
CVE-2020-8285 2020-12-14 18:39 +00:00 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
7.5
HIGH
CVE-2020-9991 2020-12-08 20:11 +00:00 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
7.5
HIGH
CVE-2020-27930 2020-12-08 19:17 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-27932 2020-12-08 19:13 +00:00 A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-10017 2020-12-08 19:06 +00:00 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-10007 2020-12-08 19:03 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2020-10011 2020-12-08 19:02 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2020-10003 2020-12-08 19:02 +00:00 An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
7.8
HIGH
CVE-2020-10004 2020-12-08 19:02 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2020-10010 2020-12-08 19:01 +00:00 A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
7.8
HIGH
CVE-2020-10009 2020-12-08 19:00 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.
5.5
MEDIUM
CVE-2020-9996 2020-12-08 18:59 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2020-10006 2020-12-08 18:59 +00:00 This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.
5.5
MEDIUM
CVE-2020-9989 2020-12-08 18:58 +00:00 The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.
5.5
MEDIUM
CVE-2020-9974 2020-12-08 18:58 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2020-10002 2020-12-08 18:57 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.
5.5
MEDIUM
CVE-2020-9999 2020-12-08 18:32 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9969 2020-12-08 18:30 +00:00 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information.
5.5
MEDIUM
CVE-2020-9988 2020-12-08 18:29 +00:00 The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.
5.5
MEDIUM
CVE-2020-9981 2020-12-08 18:28 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9977 2020-12-08 18:28 +00:00 A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari.
5.5
MEDIUM
CVE-2020-9963 2020-12-08 18:23 +00:00 The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer.
5.5
MEDIUM
CVE-2020-9949 2020-12-08 18:23 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9943 2020-12-08 18:22 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory.
5.5
MEDIUM
CVE-2020-9966 2020-12-08 18:21 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9954 2020-12-08 18:20 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9945 2020-12-08 18:19 +00:00 A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.
4.3
MEDIUM
CVE-2020-9944 2020-12-08 18:19 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2020-9922 2020-12-08 18:19 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files.
6.5
MEDIUM
CVE-2020-9942 2020-12-08 18:17 +00:00 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.
4.3
MEDIUM
CVE-2020-8037 2020-11-04 17:55 +00:00 The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
7.5
HIGH
CVE-2019-8796 2020-10-27 19:57 +00:00 A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode.
5.3
MEDIUM
CVE-2019-8531 2020-10-27 19:57 +00:00 A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted.
9.8
CRITICAL
CVE-2020-9857 2020-10-27 19:51 +00:00 An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari.
4.3
MEDIUM
CVE-2020-3880 2020-10-27 19:42 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9782 2020-10-27 19:42 +00:00 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files.
7.5
HIGH
CVE-2020-3863 2020-10-27 19:42 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2020-9866 2020-10-27 19:42 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution.
9.8
CRITICAL
CVE-2020-9786 2020-10-27 19:41 +00:00 This issue was addressed with improved checks This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. An application may be able to trigger a sysdiagnose.
3.3
LOW
CVE-2020-3855 2020-10-27 19:12 +00:00 An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.
7.1
HIGH
CVE-2020-9774 2020-10-27 19:12 +00:00 An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed.
7.5
HIGH
CVE-2019-8858 2020-10-27 19:11 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing.
5.3
MEDIUM
CVE-2019-8855 2020-10-27 19:09 +00:00 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access restricted files.
6.3
MEDIUM
CVE-2019-8854 2020-10-27 19:09 +00:00 A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.
7.5
HIGH
CVE-2019-8853 2020-10-27 19:08 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8850 2020-10-27 19:07 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory.
5.5
MEDIUM
CVE-2019-8856 2020-10-27 19:07 +00:00 An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans.
3.3
LOW
CVE-2019-8848 2020-10-27 19:05 +00:00 This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2019-8852 2020-10-27 19:05 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8847 2020-10-27 19:04 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8838 2020-10-27 18:55 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8842 2020-10-27 18:55 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.
3.3
LOW
CVE-2019-8839 2020-10-27 18:55 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An attacker in a privileged position may be able to perform a denial of service attack.
5.5
MEDIUM
CVE-2019-8833 2020-10-27 18:54 +00:00 A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8832 2020-10-27 18:54 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8837 2020-10-27 18:54 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files.
7.8
HIGH
CVE-2019-8830 2020-10-27 18:54 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8834 2020-10-27 18:53 +00:00 A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.
4.3
MEDIUM
CVE-2019-8828 2020-10-27 18:53 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8831 2020-10-27 18:53 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8829 2020-10-27 18:53 +00:00 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8826 2020-10-27 18:53 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8824 2020-10-27 18:52 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8825 2020-10-27 18:51 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8809 2020-10-27 18:51 +00:00 A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.
3.3
LOW
CVE-2019-8777 2020-10-27 18:50 +00:00 A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen.
2.4
LOW
CVE-2019-8799 2020-10-27 18:50 +00:00 This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.
2.4
LOW
CVE-2019-8767 2020-10-27 18:50 +00:00 A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption.
9.8
CRITICAL
CVE-2019-8774 2020-10-27 18:50 +00:00 A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service.
5.5
MEDIUM
CVE-2019-8761 2020-10-27 18:49 +00:00 This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.
5.5
MEDIUM
CVE-2019-8756 2020-10-27 18:48 +00:00 Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
9.8
CRITICAL
CVE-2019-8776 2020-10-27 18:48 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8754 2020-10-27 18:47 +00:00 A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.
6.5
MEDIUM
CVE-2019-8759 2020-10-27 18:46 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2019-8744 2020-10-27 18:46 +00:00 A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2019-8736 2020-10-27 18:45 +00:00 An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information.
6.5
MEDIUM
CVE-2019-8753 2020-10-27 18:45 +00:00 This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.
6.1
MEDIUM
CVE-2019-8746 2020-10-27 18:44 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
9.8
CRITICAL
CVE-2019-8737 2020-10-27 18:43 +00:00 A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack.
6.5
MEDIUM
CVE-2019-8706 2020-10-27 18:43 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2019-8715 2020-10-27 18:42 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8716 2020-10-27 18:42 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.
9.8
CRITICAL
CVE-2019-8709 2020-10-27 18:42 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8645 2020-10-27 18:41 +00:00 An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail.
6.5
MEDIUM
CVE-2019-8708 2020-10-27 18:39 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.
5.5
MEDIUM
CVE-2019-8696 2020-10-27 18:39 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
8.8
HIGH
CVE-2019-8675 2020-10-27 18:39 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
8.8
HIGH
CVE-2019-8642 2020-10-27 18:38 +00:00 An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
3.3
LOW
CVE-2019-8656 2020-10-27 18:38 +00:00 This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper.
5.5
MEDIUM
CVE-2019-8640 2020-10-27 18:38 +00:00 A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. A sandboxed process may be able to circumvent sandbox restrictions.
7.5
HIGH
CVE-2019-8631 2020-10-27 18:37 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.
7.5
HIGH
CVE-2019-8618 2020-10-27 18:34 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.
7.5
HIGH
CVE-2019-8582 2020-10-27 18:27 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory.
5.5
MEDIUM
CVE-2019-8579 2020-10-27 18:26 +00:00 An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2019-8573 2020-10-27 18:25 +00:00 An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service.
7.5
HIGH
CVE-2019-8569 2020-10-27 18:25 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges.
6.7
MEDIUM
CVE-2019-8564 2020-10-27 18:24 +00:00 A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.
7.5
HIGH
CVE-2019-7288 2020-10-27 18:23 +00:00 The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos .
9.8
CRITICAL
CVE-2019-6238 2020-10-27 18:22 +00:00 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted package may lead to arbitrary code execution.
7.8
HIGH
CVE-2018-4451 2020-10-27 18:20 +00:00 This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation.
7.8
HIGH
CVE-2018-4433 2020-10-27 18:19 +00:00 A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.
5.5
MEDIUM
CVE-2020-9994 2020-10-22 16:07 +00:00 A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.
7.1
HIGH
CVE-2020-9997 2020-10-22 16:07 +00:00 An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory.
5.5
MEDIUM
CVE-2020-9985 2020-10-22 16:07 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2020-9984 2020-10-22 16:06 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9990 2020-10-22 16:06 +00:00 A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9986 2020-10-22 16:06 +00:00 A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information.
3.3
LOW
CVE-2020-9937 2020-10-22 16:06 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9940 2020-10-22 16:06 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2020-9927 2020-10-22 16:06 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9980 2020-10-22 16:06 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9939 2020-10-22 16:06 +00:00 This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions.
6.4
MEDIUM
CVE-2020-9938 2020-10-22 16:05 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9935 2020-10-22 16:05 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account.
4.3
MEDIUM
CVE-2020-9924 2020-10-22 16:05 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.
7.5
HIGH
CVE-2020-9929 2020-10-22 16:05 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2020-9928 2020-10-22 16:05 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9919 2020-10-22 16:05 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9920 2020-10-22 16:04 +00:00 A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.
9.1
CRITICAL
CVE-2020-9921 2020-10-22 16:04 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges.
7
HIGH
CVE-2020-9902 2020-10-22 16:04 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2020-9904 2020-10-22 16:04 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9908 2020-10-22 16:04 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2020-9905 2020-10-22 16:04 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.
7.5
HIGH
CVE-2020-9901 2020-10-22 16:03 +00:00 An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.
7.8
HIGH
CVE-2020-9900 2020-10-22 16:00 +00:00 An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.
7.8
HIGH
CVE-2020-9879 2020-10-22 16:00 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9873 2020-10-22 15:59 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9877 2020-10-22 15:58 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9872 2020-10-22 15:58 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9875 2020-10-22 15:58 +00:00 An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9874 2020-10-22 15:58 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9871 2020-10-22 15:54 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9868 2020-10-22 15:54 +00:00 A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.
9.1
CRITICAL
CVE-2020-9863 2020-10-22 15:54 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9869 2020-10-22 15:54 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination.
7.5
HIGH
CVE-2020-9854 2020-10-22 15:54 +00:00 A logic issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2020-9828 2020-10-22 15:53 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information.
7.5
HIGH
CVE-2020-9853 2020-10-22 15:53 +00:00 A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout.
7.8
HIGH
CVE-2020-9772 2020-10-22 15:53 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.
5.5
MEDIUM
CVE-2020-9796 2020-10-22 15:52 +00:00 A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.
7
HIGH
CVE-2020-9771 2020-10-22 15:52 +00:00 This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system.
7.1
HIGH
CVE-2020-3918 2020-10-22 15:49 +00:00 An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.
5.5
MEDIUM
CVE-2020-3898 2020-10-22 15:48 +00:00 A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2020-3915 2020-10-22 15:47 +00:00 A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files.
7.8
HIGH
CVE-2020-9934 2020-10-16 14:51 +00:00 An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
5.5
MEDIUM
CVE-2020-9918 2020-10-16 14:48 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
9.8
CRITICAL
CVE-2020-9913 2020-10-16 14:45 +00:00 This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information.
5.5
MEDIUM
CVE-2020-9891 2020-10-16 14:39 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9890 2020-10-16 14:39 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9888 2020-10-16 14:37 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9885 2020-10-16 14:36 +00:00 An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group.
5.5
MEDIUM
CVE-2020-9884 2020-10-16 14:34 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9878 2020-10-16 14:33 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2020-9870 2020-10-16 14:33 +00:00 A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.
8.8
HIGH
CVE-2020-9865 2020-10-16 14:33 +00:00 A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.
8.6
HIGH
CVE-2020-9864 2020-10-16 14:33 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
9.8
CRITICAL
CVE-2020-9799 2020-10-16 14:13 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9852 2020-06-09 14:18 +00:00 An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9855 2020-06-09 14:17 +00:00 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.
7.8
HIGH
CVE-2020-9851 2020-06-09 14:17 +00:00 An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system.
5.5
MEDIUM
CVE-2020-9847 2020-06-09 14:17 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.
8.6
HIGH
CVE-2020-9841 2020-06-09 14:16 +00:00 An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9842 2020-06-09 14:16 +00:00 An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.
7.1
HIGH
CVE-2020-9837 2020-06-09 14:16 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.
7.5
HIGH
CVE-2020-9839 2020-06-09 14:16 +00:00 A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.
7
HIGH
CVE-2020-9833 2020-06-09 14:15 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.
5.5
MEDIUM
CVE-2020-9834 2020-06-09 14:15 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9831 2020-06-09 14:15 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2020-9832 2020-06-09 14:14 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2020-9826 2020-06-09 14:14 +00:00 A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.
7.5
HIGH
CVE-2020-9824 2020-06-09 14:14 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.
7.5
HIGH
CVE-2020-9827 2020-06-09 14:14 +00:00 A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.
7.5
HIGH
CVE-2020-9822 2020-06-09 14:13 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9825 2020-06-09 14:13 +00:00 An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences.
7.8
HIGH
CVE-2020-9821 2020-06-09 14:13 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9789 2020-06-09 14:12 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.
8.8
HIGH
CVE-2020-9816 2020-06-09 14:11 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
7.8
HIGH
CVE-2020-9815 2020-06-09 14:11 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9790 2020-06-09 14:10 +00:00 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.
8.8
HIGH
CVE-2020-9813 2020-06-09 14:10 +00:00 A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9814 2020-06-09 14:10 +00:00 A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9808 2020-06-09 14:10 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.
7.1
HIGH
CVE-2020-9788 2020-06-09 14:09 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript.
7.8
HIGH
CVE-2020-9812 2020-06-09 14:09 +00:00 An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.
5.5
MEDIUM
CVE-2020-9811 2020-06-09 14:08 +00:00 An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.
5.5
MEDIUM
CVE-2020-9809 2020-06-09 14:08 +00:00 An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2020-9800 2020-06-09 14:06 +00:00 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2020-9804 2020-06-09 14:05 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.
4.6
MEDIUM
CVE-2020-9794 2020-06-09 14:04 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.
8.1
HIGH
CVE-2020-9793 2020-06-09 14:03 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.
7.8
HIGH
CVE-2020-9795 2020-06-09 14:03 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9791 2020-06-09 14:02 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-9797 2020-06-09 14:02 +00:00 An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.
5.5
MEDIUM
CVE-2020-9792 2020-06-09 13:59 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service.
4.6
MEDIUM
CVE-2020-3882 2020-06-09 13:59 +00:00 This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.
6.5
MEDIUM
CVE-2020-9859 2020-06-05 12:40 +00:00 A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-6203 2020-04-17 15:47 +00:00 A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
9.8
CRITICAL
CVE-2020-11758 2020-04-14 20:43 +00:00 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
5.5
MEDIUM
CVE-2020-11760 2020-04-14 20:42 +00:00 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
5.5
MEDIUM
CVE-2020-11761 2020-04-14 20:42 +00:00 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
5.5
MEDIUM
CVE-2020-11762 2020-04-14 20:42 +00:00 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
5.5
MEDIUM
CVE-2019-14868 2020-04-02 14:48 +00:00 In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
7.8
HIGH
CVE-2020-3847 2020-04-01 16:09 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.
9.8
CRITICAL
CVE-2020-3849 2020-04-01 16:09 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
9.8
CRITICAL
CVE-2020-3848 2020-04-01 16:09 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
9.8
CRITICAL
CVE-2020-3850 2020-04-01 16:08 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
9.8
CRITICAL
CVE-2020-9785 2020-04-01 15:57 +00:00 Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-9776 2020-04-01 15:55 +00:00 This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history.
3.3
LOW
CVE-2020-9769 2020-04-01 15:54 +00:00 Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim.
9.8
CRITICAL
CVE-2020-3919 2020-04-01 15:54 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-3910 2020-04-01 15:54 +00:00 A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
9.8
CRITICAL
CVE-2020-3914 2020-04-01 15:54 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2020-3911 2020-04-01 15:53 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
9.8
CRITICAL
CVE-2020-3913 2020-04-01 15:53 +00:00 A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2020-3912 2020-04-01 15:53 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2020-3909 2020-04-01 15:53 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
9.8
CRITICAL
CVE-2020-3908 2020-04-01 15:52 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2020-3905 2020-04-01 15:52 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-3907 2020-04-01 15:51 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2020-3904 2020-04-01 15:51 +00:00 Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-3906 2020-04-01 15:50 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement.
7.8
HIGH
CVE-2020-3903 2020-04-01 15:50 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2020-3892 2020-04-01 15:49 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-3893 2020-04-01 15:49 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-3889 2020-04-01 15:39 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files.
5.5
MEDIUM
CVE-2020-3884 2020-04-01 15:23 +00:00 An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution.
6.1
MEDIUM
CVE-2020-3881 2020-04-01 15:21 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information.
5.5
MEDIUM
CVE-2019-8741 2020-02-28 12:01 +00:00 A denial of service issue was addressed with improved input validation.
7.5
HIGH
CVE-2020-3846 2020-02-27 19:45 +00:00 A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
8.8
HIGH
CVE-2020-3853 2020-02-27 19:45 +00:00 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2020-3854 2020-02-27 19:45 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2020-3856 2020-02-27 19:45 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption.
7.8
HIGH
CVE-2020-3857 2020-02-27 19:45 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2020-3866 2020-02-27 19:45 +00:00 This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Catalina 10.15.3. Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper.
5.5
MEDIUM
CVE-2020-3870 2020-02-27 19:45 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-3871 2020-02-27 19:45 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-3872 2020-02-27 19:45 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2020-3875 2020-02-27 19:45 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2020-3877 2020-02-27 19:45 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
7.5
HIGH
CVE-2020-3826 2020-02-27 19:45 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-3827 2020-02-27 19:45 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-3829 2020-02-27 19:45 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2020-3830 2020-02-27 19:45 +00:00 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.
3.3
LOW
CVE-2020-3835 2020-02-27 19:45 +00:00 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files.
4.4
MEDIUM
CVE-2020-3836 2020-02-27 19:45 +00:00 An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2020-3837 2020-02-27 19:45 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-3838 2020-02-27 19:45 +00:00 The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2020-3839 2020-02-27 19:45 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2020-3840 2020-02-27 19:45 +00:00 An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution.
7.8
HIGH
CVE-2020-3842 2020-02-27 19:45 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2020-3845 2020-02-27 19:45 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-20044 2020-02-24 12:09 +00:00 In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
7.8
HIGH
CVE-2016-4606 2020-02-21 00:15 +00:00 Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
9.8
CRITICAL
CVE-2012-5366 2020-02-20 13:14 +00:00 The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
7.5
HIGH
CVE-2014-8128 2020-02-12 01:15 +00:00 LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
6.5
MEDIUM
CVE-2019-15126 2020-02-05 15:17 +00:00 An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
3.1
LOW
CVE-2013-1867 2020-01-30 12:11 +00:00 Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability
6.1
MEDIUM
CVE-2019-19906 2019-12-19 16:39 +00:00 cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
7.5
HIGH
CVE-2019-8785 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8787 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory.
7.5
HIGH
CVE-2019-8794 2019-12-18 16:33 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8797 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8798 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.
5.5
MEDIUM
CVE-2019-8803 2019-12-18 16:33 +00:00 An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials..
8.4
HIGH
CVE-2019-8817 2019-12-18 16:33 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.1. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8745 2019-12-18 16:33 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8755 2019-12-18 16:33 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to determine kernel memory layout.
7.8
HIGH
CVE-2019-8784 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8786 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8788 2019-12-18 16:33 +00:00 An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration.
7.5
HIGH
CVE-2019-8789 2019-12-18 16:33 +00:00 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
5.5
MEDIUM
CVE-2019-8801 2019-12-18 16:33 +00:00 A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.
7.8
HIGH
CVE-2019-8802 2019-12-18 16:33 +00:00 A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15.1. A malicious application may be able to gain root privileges.
7.8
HIGH
CVE-2019-8805 2019-12-18 16:33 +00:00 A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8807 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8697 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8701 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8705 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15, tvOS 13. Processing a maliciously crafted movie may result in the disclosure of process memory.
5.5
MEDIUM
CVE-2019-8748 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8757 2019-12-18 16:33 +00:00 A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.
2.5
LOW
CVE-2019-8758 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8768 2019-12-18 16:33 +00:00 "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.
5.3
MEDIUM
CVE-2019-8769 2019-12-18 16:33 +00:00 An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.
4.3
MEDIUM
CVE-2019-8770 2019-12-18 16:33 +00:00 The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents.
5.5
MEDIUM
CVE-2019-8772 2019-12-18 16:33 +00:00 An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.
7.5
HIGH
CVE-2019-8781 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8676 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8677 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8678 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8679 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8680 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8681 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8683 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8684 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8685 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8686 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8687 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8688 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8689 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8690 2019-12-18 16:33 +00:00 A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
6.1
MEDIUM
CVE-2019-8691 2019-12-18 16:33 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8692 2019-12-18 16:33 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8693 2019-12-18 16:33 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8694 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8695 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8717 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8730 2019-12-18 16:33 +00:00 The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
3.3
LOW
CVE-2019-8629 2019-12-18 16:33 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8634 2019-12-18 16:33 +00:00 An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account.
8.8
HIGH
CVE-2019-8635 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8641 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved input validation.
9.8
CRITICAL
CVE-2019-8646 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.
7.5
HIGH
CVE-2019-8648 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.
9.8
CRITICAL
CVE-2019-8649 2019-12-18 16:33 +00:00 A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
6.1
MEDIUM
CVE-2019-8657 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution.
8.8
HIGH
CVE-2019-8658 2019-12-18 16:33 +00:00 A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
6.1
MEDIUM
CVE-2019-8660 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
9.8
CRITICAL
CVE-2019-8661 2019-12-18 16:33 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.
9.8
CRITICAL
CVE-2019-8662 2019-12-18 16:33 +00:00 This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
9.8
CRITICAL
CVE-2019-8663 2019-12-18 16:33 +00:00 This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.
5.3
MEDIUM
CVE-2019-8666 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8667 2019-12-18 16:33 +00:00 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect.
5.3
MEDIUM
CVE-2019-8669 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8670 2019-12-18 16:33 +00:00 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.
4.3
MEDIUM
CVE-2019-8671 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8672 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8673 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8568 2019-12-18 16:33 +00:00 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.
5.5
MEDIUM
CVE-2019-8571 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8574 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8576 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2019-8577 2019-12-18 16:33 +00:00 An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2019-8583 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8584 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8585 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. Processing a maliciously crafted movie file may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8586 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8587 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8594 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8611 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8615 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
6.5
MEDIUM
CVE-2019-8616 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8619 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8622 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8623 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8628 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8644 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8560 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8561 2019-12-18 16:33 +00:00 A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2019-8565 2019-12-18 16:33 +00:00 A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.
7
HIGH
CVE-2019-8589 2019-12-18 16:33 +00:00 This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.
5.5
MEDIUM
CVE-2019-8591 2019-12-18 16:33 +00:00 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.
7.1
HIGH
CVE-2019-8595 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8596 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8597 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
6.5
MEDIUM
CVE-2019-8598 2019-12-18 16:33 +00:00 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8600 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
9.8
CRITICAL
CVE-2019-8601 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8602 2019-12-18 16:33 +00:00 A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2019-8603 2019-12-18 16:33 +00:00 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read restricted memory.
8.8
HIGH
CVE-2019-8604 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
8.8
HIGH
CVE-2019-8605 2019-12-18 16:33 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8606 2019-12-18 16:33 +00:00 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. A local user may be able to load unsigned kernel extensions.
7
HIGH
CVE-2019-8607 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.
6.5
MEDIUM
CVE-2019-8608 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
6.3
MEDIUM
CVE-2019-8609 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8610 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-8527 2019-12-18 16:33 +00:00 A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
9.1
CRITICAL
CVE-2019-8529 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-8530 2019-12-18 16:33 +00:00 This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.
5.5
MEDIUM
CVE-2019-8533 2019-12-18 16:33 +00:00 A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor.
7.8
HIGH
CVE-2019-8537 2019-12-18 16:33 +00:00 An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes.
5.5
MEDIUM
CVE-2019-8540 2019-12-18 16:33 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2019-8542 2019-12-18 16:33 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2019-8545 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to cause unexpected system termination or read kernel memory.
7.1
HIGH
CVE-2019-8546 2019-12-18 16:33 +00:00 An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.
5.5
MEDIUM
CVE-2019-8549 2019-12-18 16:33 +00:00 Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges.
7.8
HIGH
CVE-2019-8550 2019-12-18 16:33 +00:00 An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
4.3
MEDIUM
CVE-2019-8552 2019-12-18 16:33 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2019-8590 2019-12-18 16:33 +00:00 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-7286 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2019-7293 2019-12-18 16:33 +00:00 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.
5.5
MEDIUM
CVE-2019-8502 2019-12-18 16:33 +00:00 An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.
3.3
LOW
CVE-2019-8504 2019-12-18 16:33 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.
5.5
MEDIUM
CVE-2019-8507 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.
5.5
MEDIUM
CVE-2019-8508 2019-12-18 16:33 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.
7.8
HIGH
CVE-2019-8510 2019-12-18 16:33 +00:00 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2019-8511 2019-12-18 16:33 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2019-8513 2019-12-18 16:33 +00:00 This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
7.8
HIGH
CVE-2019-8514 2019-12-18 16:33 +00:00 A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2019-8516 2019-12-18 16:33 +00:00 A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.
7.5
HIGH
CVE-2019-8517 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted font may result in the disclosure of process memory.
6.5
MEDIUM
CVE-2019-8519 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8520 2019-12-18 16:33 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-8521 2019-12-18 16:33 +00:00 This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.
5.5
MEDIUM
CVE-2019-8522 2019-12-18 16:33 +00:00 A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
5.5
MEDIUM
CVE-2019-8526 2019-12-18 16:33 +00:00 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
7.8
HIGH
CVE-2019-6207 2019-12-18 16:33 +00:00 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2019-6237 2019-12-18 16:33 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-6239 2019-12-18 16:33 +00:00 This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks.
7.8
HIGH
CVE-2019-14899 2019-12-11 13:45 +00:00 A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
7.4
HIGH
CVE-2019-15166 2019-10-03 14:01 +00:00 lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
7.5
HIGH
CVE-2018-16451 2019-10-03 13:57 +00:00 The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
7.5
HIGH
CVE-2018-16230 2019-10-03 13:49 +00:00 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
7.5
HIGH
CVE-2018-16229 2019-10-03 13:48 +00:00 The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
7.5
HIGH
CVE-2018-16228 2019-10-03 13:46 +00:00 The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
7.5
HIGH
CVE-2018-16227 2019-10-03 13:44 +00:00 The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
7.5
HIGH
CVE-2018-14882 2019-10-03 13:41 +00:00 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
7.5
HIGH
CVE-2018-14881 2019-10-03 13:36 +00:00 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
7.5
HIGH
CVE-2018-14880 2019-10-03 13:35 +00:00 The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
7.5
HIGH
CVE-2018-14879 2019-10-03 13:33 +00:00 The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
7
HIGH
CVE-2018-14470 2019-10-03 13:31 +00:00 The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
7.5
HIGH
CVE-2018-14469 2019-10-03 13:29 +00:00 The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
7.5
HIGH
CVE-2018-14468 2019-10-03 13:27 +00:00 The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
7.5
HIGH
CVE-2018-14467 2019-10-03 13:24 +00:00 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
7.5
HIGH
CVE-2018-14466 2019-10-03 13:22 +00:00 The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
7.5
HIGH
CVE-2018-14465 2019-10-03 13:15 +00:00 The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
7.5
HIGH
CVE-2018-14464 2019-10-03 13:13 +00:00 The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
7.5
HIGH
CVE-2018-14463 2019-10-03 13:12 +00:00 The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.
7.5
HIGH
CVE-2018-14462 2019-10-03 13:11 +00:00 The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
7.5
HIGH
CVE-2018-14461 2019-10-03 13:09 +00:00 The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
7.5
HIGH
CVE-2019-11042 2019-08-09 19:26 +00:00 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
7.1
HIGH
CVE-2019-11041 2019-08-09 19:26 +00:00 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
7.1
HIGH
CVE-2018-20505 2019-04-03 15:51 +00:00 SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
7.5
HIGH
CVE-2018-20506 2019-04-03 15:50 +00:00 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
8.1
HIGH
CVE-2017-13911 2019-04-03 15:43 +00:00 A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2.
7.8
HIGH
CVE-2018-4427 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006.
7.8
HIGH
CVE-2018-4447 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
7.8
HIGH
CVE-2018-4449 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
7.8
HIGH
CVE-2018-4450 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
7.8
HIGH
CVE-2018-4456 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.
7.8
HIGH
CVE-2018-4460 2019-04-03 15:43 +00:00 A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
6.5
MEDIUM
CVE-2018-4461 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
7.8
HIGH
CVE-2018-4462 2019-04-03 15:43 +00:00 A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
5.5
MEDIUM
CVE-2018-4463 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
7.8
HIGH
CVE-2018-4465 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
7.8
HIGH
CVE-2018-4470 2019-04-03 15:43 +00:00 A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.
3.3
LOW
CVE-2018-4410 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1.
7.8
HIGH
CVE-2018-4411 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
7.8
HIGH
CVE-2018-4412 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
7.8
HIGH
CVE-2018-4413 2019-04-03 15:43 +00:00 A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
5.5
MEDIUM
CVE-2018-4414 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
7.8
HIGH
CVE-2018-4415 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
7.8
HIGH
CVE-2018-4417 2019-04-03 15:43 +00:00 A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4418 2019-04-03 15:43 +00:00 A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4419 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
7.8
HIGH
CVE-2018-4420 2019-04-03 15:43 +00:00 A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
7.8
HIGH
CVE-2018-4421 2019-04-03 15:43 +00:00 A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
7.8
HIGH
CVE-2018-4422 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
8.8
HIGH
CVE-2018-4423 2019-04-03 15:43 +00:00 A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.
7.8
HIGH
CVE-2018-4424 2019-04-03 15:43 +00:00 A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1.
7.8
HIGH
CVE-2018-4425 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4426 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4431 2019-04-03 15:43 +00:00 A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
5.5
MEDIUM
CVE-2018-4434 2019-04-03 15:43 +00:00 An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.
7.1
HIGH
CVE-2018-4435 2019-04-03 15:43 +00:00 A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
7.8
HIGH
CVE-2018-4383 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4389 2019-04-03 15:43 +00:00 An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.
6.5
MEDIUM
CVE-2018-4393 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
7.8
HIGH
CVE-2018-4394 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1.
7.8
HIGH
CVE-2018-4395 2019-04-03 15:43 +00:00 This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
5.5
MEDIUM
CVE-2018-4396 2019-04-03 15:43 +00:00 A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4398 2019-04-03 15:43 +00:00 An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.
7.5
HIGH
CVE-2018-4399 2019-04-03 15:43 +00:00 An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
5.5
MEDIUM
CVE-2018-4400 2019-04-03 15:43 +00:00 A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.
5.5
MEDIUM
CVE-2018-4401 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4402 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
7.8
HIGH
CVE-2018-4403 2019-04-03 15:43 +00:00 This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.
5.5
MEDIUM
CVE-2018-4406 2019-04-03 15:43 +00:00 A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
6.5
MEDIUM
CVE-2018-4408 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4351 2019-04-03 15:43 +00:00 A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4353 2019-04-03 15:43 +00:00 A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.
9.8
CRITICAL
CVE-2018-4354 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
8.6
HIGH
CVE-2018-4355 2019-04-03 15:43 +00:00 A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4368 2019-04-03 15:43 +00:00 A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
6.5
MEDIUM
CVE-2018-4369 2019-04-03 15:43 +00:00 A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
7.5
HIGH
CVE-2018-4371 2019-04-03 15:43 +00:00 An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
7.8
HIGH
CVE-2018-4324 2019-04-03 15:43 +00:00 A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4326 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
7.8
HIGH
CVE-2018-4331 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
9.8
CRITICAL
CVE-2018-4332 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
9.8
CRITICAL
CVE-2018-4333 2019-04-03 15:43 +00:00 A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4334 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
7.8
HIGH
CVE-2018-4336 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4337 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4338 2019-04-03 15:43 +00:00 A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4340 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4341 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
8.6
HIGH
CVE-2018-4342 2019-04-03 15:43 +00:00 A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.
5.5
MEDIUM
CVE-2018-4343 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4344 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8
HIGH
CVE-2018-4346 2019-04-03 15:43 +00:00 A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4347 2019-04-03 15:43 +00:00 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
7.8
HIGH
CVE-2018-4348 2019-04-03 15:43 +00:00 A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4350 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
7.8
HIGH
CVE-2018-4289 2019-04-03 15:43 +00:00 An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.
5.5
MEDIUM
CVE-2018-4293 2019-04-03 15:43 +00:00 A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
5.3
MEDIUM
CVE-2018-4295 2019-04-03 15:43 +00:00 An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
9.8
CRITICAL
CVE-2018-4303 2019-04-03 15:43 +00:00 An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
7.8
HIGH
CVE-2018-4304 2019-04-03 15:43 +00:00 A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
5
MEDIUM
CVE-2018-4308 2019-04-03 15:43 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14.
5.5
MEDIUM
CVE-2018-4310 2019-04-03 15:43 +00:00 An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
10
CRITICAL
CVE-2018-4321 2019-04-03 15:43 +00:00 A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.
5.3
MEDIUM
CVE-2018-4268 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
9.8
CRITICAL
CVE-2018-4276 2019-04-03 15:43 +00:00 A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.
7.5
HIGH
CVE-2018-4280 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
7.8
HIGH
CVE-2018-4283 2019-04-03 15:43 +00:00 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.
5.5
MEDIUM
CVE-2018-4285 2019-04-03 15:43 +00:00 A type confusion issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
7.8
HIGH
CVE-2017-7151 2019-04-03 15:43 +00:00 A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4.
7
HIGH
CVE-2018-4126 2019-04-03 15:43 +00:00 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
7.8
HIGH
CVE-2018-4153 2019-04-03 15:43 +00:00 An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
5.9
MEDIUM
CVE-2018-4178 2019-04-03 15:43 +00:00 A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.
5.5
MEDIUM
CVE-2018-4203 2019-04-03 15:43 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.5
HIGH
CVE-2018-4248 2019-04-03 15:43 +00:00 An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
7.5
HIGH
CVE-2018-4259 2019-04-02 22:00 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
9.8
CRITICAL
CVE-2018-4286 2019-04-02 22:00 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
9.8
CRITICAL
CVE-2018-4287 2019-04-02 22:00 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
9.8
CRITICAL
CVE-2018-4288 2019-04-02 22:00 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
9.8
CRITICAL
CVE-2018-4291 2019-04-02 22:00 +00:00 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
9.8
CRITICAL
CVE-2018-4407 2019-04-02 22:00 +00:00 A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
8.8
HIGH
CVE-2019-6200 2019-03-05 15:00 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.
8.8
HIGH
CVE-2019-6202 2019-03-05 15:00 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2019-6205 2019-03-05 15:00 +00:00 A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
7.8
HIGH
CVE-2019-6208 2019-03-05 15:00 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
5.5
MEDIUM
CVE-2019-6209 2019-03-05 15:00 +00:00 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
5.5
MEDIUM
CVE-2019-6210 2019-03-05 15:00 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-6211 2019-03-05 15:00 +00:00 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8
HIGH
CVE-2019-6213 2019-03-05 15:00 +00:00 A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-6214 2019-03-05 15:00 +00:00 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
8.6
HIGH
CVE-2019-6218 2019-03-05 15:00 +00:00 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8
HIGH
CVE-2019-6219 2019-03-05 15:00 +00:00 A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.
7.5
HIGH
CVE-2019-6220 2019-03-05 15:00 +00:00 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-6221 2019-03-05 15:00 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2019-6223 2019-03-05 15:00 +00:00 A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.
7.5
HIGH
CVE-2019-6224 2019-03-05 15:00 +00:00 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.
8.8
HIGH
CVE-2019-6225 2019-03-05 15:00 +00:00 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
7.8
HIGH
CVE-2019-6230 2019-03-05 15:00 +00:00 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
8.6
HIGH
CVE-2019-6231 2019-03-05 15:00 +00:00 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.
5.5
MEDIUM
CVE-2019-6235 2019-03-04 19:00 +00:00 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.
10
CRITICAL
CVE-2019-8906 2019-02-18 16:00 +00:00 do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
4.4
MEDIUM
CVE-2017-13886 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions.
6.5
MEDIUM
CVE-2017-13887 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.
7.5
HIGH
CVE-2018-4180 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
7.8
HIGH
CVE-2018-4181 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
5.5
MEDIUM
CVE-2018-4182 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.
8.2
HIGH
CVE-2018-4183 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.
8.2
HIGH
CVE-2018-4185 2019-01-11 17:00 +00:00 In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
7.5
HIGH
CVE-2018-4217 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing.
7.5
HIGH
CVE-2018-4254 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.
9.8
CRITICAL
CVE-2018-4255 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
5.5
MEDIUM
CVE-2018-4256 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
5.5
MEDIUM
CVE-2018-4257 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.
9.8
CRITICAL
CVE-2018-4258 2019-01-11 17:00 +00:00 In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.
9.8
CRITICAL
CVE-2018-4277 2019-01-11 17:00 +00:00 In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
7.5
HIGH
CVE-2018-18311 2018-12-07 20:00 +00:00 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
9.8
CRITICAL
CVE-2018-18313 2018-12-07 20:00 +00:00 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
9.1
CRITICAL
CVE-2018-5383 2018-08-07 21:00 +00:00 Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
8
HIGH
CVE-2018-4990 2018-07-09 17:00 +00:00 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
8.8
HIGH
CVE-2017-7825 2018-06-11 19:00 +00:00 Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
5.3
MEDIUM
CVE-2017-7836 2018-06-11 19:00 +00:00 The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57.
7.8
HIGH
CVE-2018-5110 2018-06-11 19:00 +00:00 If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58.
5.3
MEDIUM
CVE-2018-5121 2018-06-11 19:00 +00:00 Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58.
5.3
MEDIUM
CVE-2018-4141 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2018-4159 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2018-4171 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties.
5.5
MEDIUM
CVE-2018-4184 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.
7.5
HIGH
CVE-2018-4187 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
6.5
MEDIUM
CVE-2018-4193 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4196 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app.
7.8
HIGH
CVE-2018-4198 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.
5.5
MEDIUM
CVE-2018-4202 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.
5.9
MEDIUM
CVE-2018-4206 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.
7.8
HIGH
CVE-2018-4211 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
7.8
HIGH
CVE-2018-4219 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.
7.8
HIGH
CVE-2018-4221 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.
7.5
HIGH
CVE-2018-4223 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.
5.5
MEDIUM
CVE-2018-4224 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.
5.5
MEDIUM
CVE-2018-4225 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications.
5.5
MEDIUM
CVE-2018-4226 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.
5.5
MEDIUM
CVE-2018-4227 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.
7.5
HIGH
CVE-2018-4228 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.
7
HIGH
CVE-2018-4229 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.
10
CRITICAL
CVE-2018-4230 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.
7
HIGH
CVE-2018-4234 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4235 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.
5.5
MEDIUM
CVE-2018-4236 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4237 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.
7.8
HIGH
CVE-2018-4240 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.
6.5
MEDIUM
CVE-2018-4241 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2018-4242 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4243 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2018-4251 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access.
5.5
MEDIUM
CVE-2018-4253 2018-06-08 16:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.
5.5
MEDIUM
CVE-2018-4249 2018-06-07 22:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.
7.8
HIGH
CVE-2018-12015 2018-06-07 11:00 +00:00 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
7.5
HIGH
CVE-2018-8897 2018-05-08 16:00 +00:00 A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
7.8
HIGH
CVE-2018-4173 2018-04-13 15:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
5.5
MEDIUM
CVE-2017-13850 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font.
7.1
HIGH
CVE-2017-13853 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13854 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13873 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.
4.3
MEDIUM
CVE-2017-13890 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site.
7.4
HIGH
CVE-2017-7000 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2017-7001 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2017-7002 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2017-7003 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.
5.5
MEDIUM
CVE-2017-7004 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.
7
HIGH
CVE-2017-7065 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.
8.8
HIGH
CVE-2017-7070 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid.
6.8
MEDIUM
CVE-2017-7170 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-7171 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CoreAnimation" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7172 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7173 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2018-4082 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4083 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4084 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Wi-Fi" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2018-4085 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2018-4086 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
5.9
MEDIUM
CVE-2018-4088 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2018-4089 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2018-4090 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2018-4091 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism.
10
CRITICAL
CVE-2018-4092 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app.
4.7
MEDIUM
CVE-2018-4093 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2018-4094 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
7.8
HIGH
CVE-2018-4096 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2018-4097 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2018-4098 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4100 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
7.5
HIGH
CVE-2018-4104 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2018-4105 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.
9.8
CRITICAL
CVE-2018-4106 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content.
8.8
HIGH
CVE-2018-4107 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document.
6.5
MEDIUM
CVE-2018-4108 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Management" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.
9.8
CRITICAL
CVE-2018-4111 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature.
5.9
MEDIUM
CVE-2018-4112 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling.
5.5
MEDIUM
CVE-2018-4115 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.
9.8
CRITICAL
CVE-2018-4124 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a crafted string containing a certain Telugu character.
9.8
CRITICAL
CVE-2018-4131 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states.
7.8
HIGH
CVE-2018-4132 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4135 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4136 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
7.8
HIGH
CVE-2018-4138 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2018-4139 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4142 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string.
7.5
HIGH
CVE-2018-4143 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4144 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Security" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2018-4150 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2018-4151 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4152 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4154 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4155 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4156 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4157 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4158 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4160 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
7.8
HIGH
CVE-2018-4166 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4167 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2018-4170 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.
7.8
HIGH
CVE-2018-4174 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
5.9
MEDIUM
CVE-2018-4175 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.
7.8
HIGH
CVE-2018-4176 2018-04-03 04:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.
5.5
MEDIUM
CVE-2017-13904 2018-04-02 22:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13847 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13848 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-13855 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion.
5.5
MEDIUM
CVE-2017-13858 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-13860 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
5.9
MEDIUM
CVE-2017-13862 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13865 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13867 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13868 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13869 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13871 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.
7.5
HIGH
CVE-2017-13875 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
7.8
HIGH
CVE-2017-13876 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13878 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
7.1
HIGH
CVE-2017-13883 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7154 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
6.6
MEDIUM
CVE-2017-7155 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7158 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access.
6.5
MEDIUM
CVE-2017-7159 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7162 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7163 2017-12-25 20:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13786 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter.
4.6
MEDIUM
CVE-2017-13799 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13800 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13801 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.
3.3
LOW
CVE-2017-13804 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.
5.5
MEDIUM
CVE-2017-13807 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.
7.8
HIGH
CVE-2017-13808 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13809 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile.
7.8
HIGH
CVE-2017-13810 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.
5.5
MEDIUM
CVE-2017-13811 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13812 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file.
7.8
HIGH
CVE-2017-13813 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
7.8
HIGH
CVE-2017-13814 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.
7.8
HIGH
CVE-2017-13815 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-13816 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
7.8
HIGH
CVE-2017-13817 2017-11-13 02:00 +00:00 An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.
5.5
MEDIUM
CVE-2017-13818 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13819 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents.
6.1
MEDIUM
CVE-2017-13820 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.
7.1
HIGH
CVE-2017-13821 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13822 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13823 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13824 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandled by osadecompile.
7.8
HIGH
CVE-2017-13825 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file.
7.8
HIGH
CVE-2017-13828 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text.
5.5
MEDIUM
CVE-2017-13829 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13830 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13831 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.
7.1
HIGH
CVE-2017-13832 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support.
9.8
CRITICAL
CVE-2017-13833 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13834 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary.
7.8
HIGH
CVE-2017-13836 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13838 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Sandbox" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13840 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13841 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13842 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-13843 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-13846 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-13852 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.
3.3
LOW
CVE-2017-7132 2017-11-13 02:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.
7.8
HIGH
CVE-2017-13782 2017-11-12 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions.
5.5
MEDIUM
CVE-2017-7074 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.
5.5
MEDIUM
CVE-2017-7076 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.
7.8
HIGH
CVE-2017-7077 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7078 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.
5.3
MEDIUM
CVE-2017-7080 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate.
7.5
HIGH
CVE-2017-7082 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts.
2.4
LOW
CVE-2017-7083 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers to cause a denial of service.
4.9
MEDIUM
CVE-2017-7084 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade.
3.7
LOW
CVE-2017-7086 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function.
7.5
HIGH
CVE-2017-7114 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7119 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-7121 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7122 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7123 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7124 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7125 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7126 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7127 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "SQLite" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7128 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7129 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7130 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
9.8
CRITICAL
CVE-2017-7138 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.
3.3
LOW
CVE-2017-7141 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message.
5.3
MEDIUM
CVE-2017-7143 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness.
5.5
MEDIUM
CVE-2017-7149 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value.
7.8
HIGH
CVE-2017-7150 2017-10-22 23:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.
5.5
MEDIUM
CVE-2017-11209 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11210 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11211 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11212 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11214 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11216 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11217 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11218 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11219 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11220 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11221 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11222 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11223 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11224 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11226 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11227 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11228 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11229 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF).
8.8
HIGH
CVE-2017-11230 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11231 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11232 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11233 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11234 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11235 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11236 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11237 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11238 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11239 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11241 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11243 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11244 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11245 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11246 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11248 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11249 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11251 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11252 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11254 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11255 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11256 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11257 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11258 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11259 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11260 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11261 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11262 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11263 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11265 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-11267 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11268 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11269 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11270 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-11271 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3016 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3113 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3115 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document.
6.5
MEDIUM
CVE-2017-3116 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3117 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3118 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments.
6.5
MEDIUM
CVE-2017-3119 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3120 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3121 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3122 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-3123 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution.
8.8
HIGH
CVE-2017-3124 2017-08-11 19:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution.
9.8
CRITICAL
CVE-2017-11242 2017-08-11 17:00 +00:00 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution.
6.5
MEDIUM
CVE-2017-7008 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "CoreAudio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
7.8
HIGH
CVE-2017-7009 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "IOUSBFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7010 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.
7.8
HIGH
CVE-2017-7013 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.
7.8
HIGH
CVE-2017-7014 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7015 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Audio" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted audio file.
7.8
HIGH
CVE-2017-7016 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
7.8
HIGH
CVE-2017-7017 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7021 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7026 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7027 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7028 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-7029 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-7031 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
7.8
HIGH
CVE-2017-7032 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7033 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
7.8
HIGH
CVE-2017-7035 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7036 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-7044 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-7045 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-7047 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
8.8
HIGH
CVE-2017-7050 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
8
HIGH
CVE-2017-7051 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
8
HIGH
CVE-2017-7054 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
8
HIGH
CVE-2017-7062 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash).
9.8
CRITICAL
CVE-2017-7067 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-7068 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
8.8
HIGH
CVE-2017-7069 2017-07-20 14:00 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-9788 2017-07-13 16:00 +00:00 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
9.1
CRITICAL
CVE-2017-11103 2017-07-13 11:00 +00:00 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
8.1
HIGH
CVE-2017-3167 2017-06-19 23:00 +00:00 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
9.8
CRITICAL
CVE-2017-7668 2017-06-19 23:00 +00:00 The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
7.5
HIGH
CVE-2016-9840 2017-05-23 01:56 +00:00 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
8.8
HIGH
CVE-2016-9841 2017-05-23 01:56 +00:00 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
9.8
CRITICAL
CVE-2016-9842 2017-05-23 01:56 +00:00 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
8.8
HIGH
CVE-2016-9843 2017-05-23 01:56 +00:00 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
9.8
CRITICAL
CVE-2017-2494 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2497 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.
6.1
MEDIUM
CVE-2017-2501 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2017-2502 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-2503 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2507 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-2509 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-2512 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Sandbox" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2513 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.
9.8
CRITICAL
CVE-2017-2516 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5
MEDIUM
CVE-2017-2518 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
9.8
CRITICAL
CVE-2017-2519 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.
9.8
CRITICAL
CVE-2017-2520 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
9.8
CRITICAL
CVE-2017-2521 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2017-2522 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
9.8
CRITICAL
CVE-2017-2523 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
9.8
CRITICAL
CVE-2017-2524 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
9.8
CRITICAL
CVE-2017-2527 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data.
9.8
CRITICAL
CVE-2017-2533 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2017-2534 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a crafted app.
8.6
HIGH
CVE-2017-2535 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app.
7.8
HIGH
CVE-2017-2537 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2540 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-2541 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2542 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2543 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2545 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2546 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2548 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-6977 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.
8.6
HIGH
CVE-2017-6978 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-6979 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2017-6981 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks.
7.8
HIGH
CVE-2017-6983 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2017-6985 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-6986 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-6987 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-6988 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.
5.9
MEDIUM
CVE-2017-6990 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5
MEDIUM
CVE-2017-6991 2017-05-22 02:54 +00:00 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2016-4650 2017-04-20 15:00 +00:00 Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-3011 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3012 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.
7.8
HIGH
CVE-2017-3013 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.
7.8
HIGH
CVE-2017-3014 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3015 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3017 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3018 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3019 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3020 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module.
3.3
LOW
CVE-2017-3021 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.
3.3
LOW
CVE-2017-3022 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.
3.3
LOW
CVE-2017-3023 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3024 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3025 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3026 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3027 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3028 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3029 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.
3.3
LOW
CVE-2017-3030 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3031 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.
3.3
LOW
CVE-2017-3032 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.
3.3
LOW
CVE-2017-3033 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.
3.3
LOW
CVE-2017-3034 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3035 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3036 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3037 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.
9.8
CRITICAL
CVE-2017-3038 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3039 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3040 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3041 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3042 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3043 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality.
5.5
MEDIUM
CVE-2017-3044 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3045 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box.
5.5
MEDIUM
CVE-2017-3046 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing.
5.5
MEDIUM
CVE-2017-3047 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3048 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3049 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3050 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3051 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3052 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format.
5.5
MEDIUM
CVE-2017-3053 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files.
5.5
MEDIUM
CVE-2017-3054 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3055 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3056 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3057 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-3065 2017-04-12 12:00 +00:00 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2016-7585 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter.
6.8
MEDIUM
CVE-2017-2379 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Carbon" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted .dfont file.
7.8
HIGH
CVE-2017-2381 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server.
8.8
HIGH
CVE-2017-2388 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
5.5
MEDIUM
CVE-2017-2390 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.
5.5
MEDIUM
CVE-2017-2398 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2401 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2402 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained.
9.8
CRITICAL
CVE-2017-2403 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.
8.8
HIGH
CVE-2017-2406 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
7.8
HIGH
CVE-2017-2407 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
7.8
HIGH
CVE-2017-2408 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOATAFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2409 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app.
7.1
HIGH
CVE-2017-2410 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-2413 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file.
7.8
HIGH
CVE-2017-2415 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion."
8.8
HIGH
CVE-2017-2416 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.
7.8
HIGH
CVE-2017-2417 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image.
5.5
MEDIUM
CVE-2017-2418 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.
6.5
MEDIUM
CVE-2017-2420 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2421 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-2422 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2423 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature.
9.8
CRITICAL
CVE-2017-2425 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate.
7.8
HIGH
CVE-2017-2426 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.
3.3
LOW
CVE-2017-2427 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2428 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.
9.8
CRITICAL
CVE-2017-2429 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action.
7.5
HIGH
CVE-2017-2430 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
7.8
HIGH
CVE-2017-2431 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "CoreMedia" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file.
7.8
HIGH
CVE-2017-2432 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
7.8
HIGH
CVE-2017-2435 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
7.8
HIGH
CVE-2017-2436 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2437 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
7.8
HIGH
CVE-2017-2438 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleRAID" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
7.8
HIGH
CVE-2017-2439 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
7.1
HIGH
CVE-2017-2440 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app.
7.8
HIGH
CVE-2017-2441 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "libc++abi" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling.
7.8
HIGH
CVE-2017-2443 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2448 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
5.9
MEDIUM
CVE-2017-2449 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
7.8
HIGH
CVE-2017-2450 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
7.1
HIGH
CVE-2017-2451 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.
7.8
HIGH
CVE-2017-2456 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2017-2458 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Keyboards" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-2461 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
7.5
HIGH
CVE-2017-2462 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
7.8
HIGH
CVE-2017-2467 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
7.8
HIGH
CVE-2017-2472 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
7.8
HIGH
CVE-2017-2473 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2474 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-2477 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
9.8
CRITICAL
CVE-2017-2478 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7
HIGH
CVE-2017-2482 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-2483 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2017-2485 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file.
8.8
HIGH
CVE-2017-2487 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
7.8
HIGH
CVE-2017-2489 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
5.5
MEDIUM
CVE-2017-2490 2017-04-01 23:36 +00:00 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2016-4617 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component.
8.8
HIGH
CVE-2016-4660 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font.
7.1
HIGH
CVE-2016-4661 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app.
5.5
MEDIUM
CVE-2016-4662 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2016-4663 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app.
5.5
MEDIUM
CVE-2016-4667 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
8.8
HIGH
CVE-2016-4669 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
7.8
HIGH
CVE-2016-4670 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
3.3
LOW
CVE-2016-4671 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file.
7.8
HIGH
CVE-2016-4673 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
7.8
HIGH
CVE-2016-4674 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
7.8
HIGH
CVE-2016-4675 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
7.8
HIGH
CVE-2016-4678 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
7.8
HIGH
CVE-2016-4679 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.
5.5
MEDIUM
CVE-2016-4681 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
7.8
HIGH
CVE-2016-4682 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.
7.1
HIGH
CVE-2016-4683 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file.
7.8
HIGH
CVE-2016-4688 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font.
8.8
HIGH
CVE-2016-4691 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
8.8
HIGH
CVE-2016-4693 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.
7.5
HIGH
CVE-2016-4721 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
5.9
MEDIUM
CVE-2016-4780 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
7.8
HIGH
CVE-2016-7577 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
3.7
LOW
CVE-2016-7579 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
5.9
MEDIUM
CVE-2016-7580 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.
6.5
MEDIUM
CVE-2016-7582 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
8.8
HIGH
CVE-2016-7584 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.
7.8
HIGH
CVE-2016-7588 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
8.8
HIGH
CVE-2016-7591 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
6.5
MEDIUM
CVE-2016-7594 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
8.8
HIGH
CVE-2016-7595 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
8.8
HIGH
CVE-2016-7596 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
8.8
HIGH
CVE-2016-7600 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
6.2
MEDIUM
CVE-2016-7602 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2016-7603 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
5.5
MEDIUM
CVE-2016-7604 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreCapture" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
5.5
MEDIUM
CVE-2016-7605 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
5.5
MEDIUM
CVE-2016-7606 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2016-7607 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.
5.5
MEDIUM
CVE-2016-7608 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.
5.5
MEDIUM
CVE-2016-7609 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
6.2
MEDIUM
CVE-2016-7612 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2016-7613 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning.
7.8
HIGH
CVE-2016-7615 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.
5.5
MEDIUM
CVE-2016-7616 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Disk Images" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2016-7617 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.
7.8
HIGH
CVE-2016-7618 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file.
7.8
HIGH
CVE-2016-7619 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vectors related to symlinks.
5.5
MEDIUM
CVE-2016-7620 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
3.3
LOW
CVE-2016-7621 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.
7.8
HIGH
CVE-2016-7622 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Grapher" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file.
7.8
HIGH
CVE-2016-7624 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
3.3
LOW
CVE-2016-7625 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
3.3
LOW
CVE-2016-7627 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font.
6.5
MEDIUM
CVE-2016-7628 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors.
5.5
MEDIUM
CVE-2016-7629 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2016-7633 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.
7.8
HIGH
CVE-2016-7636 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
5.9
MEDIUM
CVE-2016-7637 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
7.8
HIGH
CVE-2016-7643 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site.
8.1
HIGH
CVE-2016-7644 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
7.8
HIGH
CVE-2016-7655 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.
7.8
HIGH
CVE-2016-7657 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
3.3
LOW
CVE-2016-7658 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
8.8
HIGH
CVE-2016-7659 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
8.8
HIGH
CVE-2016-7660 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
7.8
HIGH
CVE-2016-7661 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
7.8
HIGH
CVE-2016-7662 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.
7.5
HIGH
CVE-2016-7663 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
9.8
CRITICAL
CVE-2016-7667 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.
7.5
HIGH
CVE-2016-7714 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
3.3
LOW
CVE-2016-7742 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations.
7.8
HIGH
CVE-2016-7761 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage.
5.5
MEDIUM
CVE-2017-2353 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
7.8
HIGH
CVE-2017-2357 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
3.3
LOW
CVE-2017-2358 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7.8
HIGH
CVE-2017-2360 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
7.8
HIGH
CVE-2017-2361 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
6.1
MEDIUM
CVE-2017-2370 2017-02-20 07:35 +00:00 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.
7.8
HIGH
CVE-2017-2970 2017-01-24 06:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2971 2017-01-24 06:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2972 2017-01-24 06:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2939 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2940 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2941 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2942 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2943 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2944 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2945 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2946 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2947 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF).
5.5
MEDIUM
CVE-2017-2948 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2949 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2950 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2951 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2952 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module related to parsing tags in TIFF files. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2953 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2954 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2955 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2956 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2957 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2958 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2959 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2960 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2961 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2962 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2963 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2964 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2965 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to TIFF file parsing. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2966 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2017-2967 2017-01-11 03:40 +00:00 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution.
7.8
HIGH
CVE-2016-5328 2016-12-29 08:02 +00:00 VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
5.5
MEDIUM
CVE-2016-5329 2016-12-29 08:02 +00:00 VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
5.5
MEDIUM
CVE-2016-7079 2016-12-29 08:02 +00:00 The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
7.8
HIGH
CVE-2016-7080 2016-12-29 08:02 +00:00 The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
7.8
HIGH
CVE-2016-4095 2016-11-10 15:00 +00:00 Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
9.8
CRITICAL
CVE-2016-7852 2016-10-21 15:00 +00:00 Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7853, and CVE-2016-7854.
9.8
CRITICAL
CVE-2016-7853 2016-10-21 15:00 +00:00 Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7854.
9.8
CRITICAL
CVE-2016-7854 2016-10-21 15:00 +00:00 Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7853.
9.8
CRITICAL
CVE-2016-1089 2016-10-13 17:00 +00:00 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.
9.8
CRITICAL
CVE-2016-1091 2016-10-13 17:00 +00:00 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.
9.8
CRITICAL
CVE-2016-4286 2016-10-13 17:00 +00:00