| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-9842 | 6.8 |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
|
28-08-2024 - 16:07 | 23-05-2017 - 04:29 | |
| CVE-2016-9840 | 6.8 |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
|
16-08-2022 - 13:16 | 23-05-2017 - 04:29 | |
| CVE-2016-9841 | 7.5 |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
|
16-08-2022 - 13:02 | 23-05-2017 - 04:29 | |
| CVE-2016-9843 | 7.5 |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
|
16-08-2022 - 13:02 | 23-05-2017 - 04:29 | |
| CVE-2017-9233 | 5.0 |
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
|
28-07-2022 - 11:30 | 25-07-2017 - 20:29 | |
| CVE-2017-6458 | 6.5 |
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
|
12-07-2021 - 17:15 | 27-03-2017 - 17:59 | |
| CVE-2017-11103 | 6.8 |
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name
|
18-08-2020 - 15:05 | 13-07-2017 - 13:29 | |
| CVE-2017-7084 | 4.3 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect
|
03-10-2019 - 00:03 | 23-10-2017 - 01:29 | |
| CVE-2017-7086 | 7.8 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a den
|
03-10-2019 - 00:03 | 23-10-2017 - 01:29 | |
| CVE-2017-7078 | 5.0 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext t
|
03-10-2019 - 00:03 | 23-10-2017 - 01:29 | |
| CVE-2017-7143 | 2.1 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the
|
03-10-2019 - 00:03 | 23-10-2017 - 01:29 | |
| CVE-2017-13827 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading.
|
03-10-2019 - 00:03 | 03-04-2018 - 06:29 | |
| CVE-2017-13851 | 2.1 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files.
|
03-10-2019 - 00:03 | 03-04-2018 - 06:29 | |
| CVE-2017-13837 | 5.0 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.
|
03-10-2019 - 00:03 | 03-04-2018 - 06:29 | |
| CVE-2017-10989 | 7.5 |
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
|
03-10-2019 - 00:03 | 07-07-2017 - 12:29 | |
| CVE-2017-0381 | 9.3 |
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access
|
03-10-2019 - 00:03 | 12-01-2017 - 20:59 | |
| CVE-2017-7127 | 9.3 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "SQLite" componen
|
08-03-2019 - 16:06 | 23-10-2017 - 01:29 | |
| CVE-2017-7080 | 5.0 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass
|
08-03-2019 - 16:06 | 23-10-2017 - 01:29 | |
| CVE-2017-7114 | 9.3 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrar
|
08-03-2019 - 16:06 | 23-10-2017 - 01:29 | |
| CVE-2017-7083 | 4.0 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers t
|
08-03-2019 - 16:06 | 23-10-2017 - 01:29 | |
| CVE-2017-7130 | 7.5 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow
|
08-03-2019 - 16:06 | 23-10-2017 - 01:29 | |
| CVE-2017-7128 | 7.5 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow
|
08-03-2019 - 16:06 | 23-10-2017 - 01:29 | |
| CVE-2017-7129 | 7.5 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow
|
08-03-2019 - 16:06 | 23-10-2017 - 01:29 | |
| CVE-2017-13873 | 4.3 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive
|
08-03-2019 - 16:06 | 03-04-2018 - 06:29 | |
| CVE-2017-13854 | 9.3 |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrar
|
08-03-2019 - 16:06 | 03-04-2018 - 06:29 | |
| CVE-2017-6462 | 4.6 |
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
|
24-01-2019 - 11:29 | 27-03-2017 - 17:59 | |
| CVE-2017-6463 | 4.0 |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
|
24-01-2019 - 11:29 | 27-03-2017 - 17:59 | |
| CVE-2017-13890 | 4.3 |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site.
|
04-05-2018 - 18:27 | 03-04-2018 - 06:29 | |
| CVE-2017-13839 | 2.1 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.
|
04-05-2018 - 15:19 | 03-04-2018 - 06:29 | |
| CVE-2017-6464 | 4.0 |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
|
12-04-2018 - 01:29 | 27-03-2017 - 17:59 | |
| CVE-2017-7138 | 2.1 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.
|
26-10-2017 - 18:20 | 23-10-2017 - 01:29 | |
| CVE-2017-7141 | 5.0 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently
|
26-10-2017 - 18:19 | 23-10-2017 - 01:29 | |
| CVE-2017-7082 | 2.1 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts.
|
26-10-2017 - 12:54 | 23-10-2017 - 01:29 | |
| CVE-2017-7077 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corrupt
|
26-10-2017 - 12:50 | 23-10-2017 - 01:29 | |
| CVE-2017-7074 | 4.3 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.
|
26-10-2017 - 12:32 | 23-10-2017 - 01:29 | |
| CVE-2017-7121 | 7.5 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspec
|
25-10-2017 - 20:12 | 23-10-2017 - 01:29 | |
| CVE-2017-7119 | 4.3 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
|
25-10-2017 - 20:05 | 23-10-2017 - 01:29 | |
| CVE-2017-7125 | 7.5 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspec
|
25-10-2017 - 19:39 | 23-10-2017 - 01:29 | |
| CVE-2017-7126 | 7.5 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspec
|
25-10-2017 - 19:39 | 23-10-2017 - 01:29 | |
| CVE-2017-7124 | 7.5 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspec
|
25-10-2017 - 19:39 | 23-10-2017 - 01:29 | |
| CVE-2017-7123 | 7.5 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspec
|
25-10-2017 - 19:38 | 23-10-2017 - 01:29 | |
| CVE-2017-7122 | 7.5 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspec
|
25-10-2017 - 19:38 | 23-10-2017 - 01:29 | |
| CVE-2017-6451 | 4.6 |
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, whic
|
24-10-2017 - 01:29 | 27-03-2017 - 17:59 | |
| CVE-2017-6455 | 4.4 |
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
|
24-10-2017 - 01:29 | 27-03-2017 - 17:59 | |
| CVE-2017-6452 | 4.6 |
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
|
24-10-2017 - 01:29 | 27-03-2017 - 17:59 | |
| CVE-2017-6460 | 6.5 |
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
|
24-10-2017 - 01:29 | 27-03-2017 - 17:59 | |
| CVE-2017-6459 | 2.1 |
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
|
24-10-2017 - 01:29 | 27-03-2017 - 17:59 | |
| CVE-2017-1000373 | 6.4 |
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack
|
24-10-2017 - 01:29 | 19-06-2017 - 16:29 |