Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs

3,139

CISA KEV

actively exploited

Public exploits

277

Exploited in wild

Severity breakdown

CRITICAL302HIGH1409MEDIUM1236LOW192

Vulnerabilities

Page 61 of 157

CVE-2017-13830HIGHCVSS 7.8≤ 10.13.02017-11-13

CVE-2017-13830 [HIGH] CWE-119 CVE-2017-13830: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-13813HIGHCVSS 7.8≤ 10.13.02017-11-13

CVE-2017-13813 [HIGH] CWE-119 CVE-2017-13813: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.

nvd

CVE-2017-13842MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13842 [MEDIUM] CWE-200 CVE-2017-13842: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-13828MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13828 [MEDIUM] CVE-2017-13828: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text.

nvd

CVE-2017-13819MEDIUMCVSS 6.1≤ 10.13.02017-11-13

CVE-2017-13819 [MEDIUM] CWE-79 CVE-2017-13819: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents.

nvd

CVE-2017-13841MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13841 [MEDIUM] CWE-200 CVE-2017-13841: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-13836MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13836 [MEDIUM] CWE-200 CVE-2017-13836: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-13821MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13821 [MEDIUM] CWE-200 CVE-2017-13821: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-13822MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13822 [MEDIUM] CWE-200 CVE-2017-13822: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-13823MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13823 [MEDIUM] CWE-200 CVE-2017-13823: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-13782MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13782 [MEDIUM] CWE-200 CVE-2017-13782: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions.

nvd

CVE-2017-13840MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13840 [MEDIUM] CWE-200 CVE-2017-13840: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-13817MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13817 [MEDIUM] CWE-125 CVE-2017-13817: An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affect An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.

nvd

CVE-2017-13804MEDIUMCVSS 5.5fixed in 10.13.12017-11-13

CVE-2017-13804 [MEDIUM] CWE-20 CVE-2017-13804: An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.

nvd

CVE-2017-13786MEDIUMCVSS 4.6≤ 10.13.02017-11-13

CVE-2017-13786 [MEDIUM] CVE-2017-13786: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter.

nvd

CVE-2017-13818MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13818 [MEDIUM] CWE-200 CVE-2017-13818: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-13810MEDIUMCVSS 5.5≤ 10.13.02017-11-13

CVE-2017-13810 [MEDIUM] CWE-200 CVE-2017-13810: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.

nvd

CVE-2017-13801LOWCVSS 3.3≤ 10.13.02017-11-13

CVE-2017-13801 [LOW] CWE-200 CVE-2017-13801: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.

nvd

CVE-2017-13852LOWCVSS 3.3fixed in 10.13.12017-11-13

CVE-2017-13852 [LOW] CWE-200 CVE-2017-13852: An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.

nvd

CVE-2017-7128CRITICALCVSS 9.8≤ 10.12.62017-10-23

CVE-2017-7128 [CRITICAL] CWE-119 CVE-2017-7128: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other i

nvd

← Previous61 / 157Next →