Apple

macOS X

3207 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2017-3167

  • EPSS 9.44%
  • Published 20.06.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

7.5

CVE-2017-7668

  • EPSS 65.46%
  • Published 20.06.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacke...

8.8

CVE-2016-9840

  • EPSS 13%
  • Published 23.05.2017 04:29:01
  • Last modified 20.04.2025 01:37:25

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8

CVE-2016-9841

  • EPSS 20.28%
  • Published 23.05.2017 04:29:01
  • Last modified 20.04.2025 01:37:25

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8

CVE-2016-9842

  • EPSS 10.91%
  • Published 23.05.2017 04:29:01
  • Last modified 20.04.2025 01:37:25

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

9.8

CVE-2016-9843

  • EPSS 9.18%
  • Published 23.05.2017 04:29:01
  • Last modified 20.04.2025 01:37:25

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

7.8

CVE-2017-6986

  • EPSS 0.24%
  • Published 22.05.2017 05:29:03
  • Last modified 20.04.2025 01:37:25

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.

5.5

CVE-2017-6987

  • EPSS 0.24%
  • Published 22.05.2017 05:29:03
  • Last modified 20.04.2025 01:37:25

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to by...

5.9

CVE-2017-6988

  • EPSS 0.16%
  • Published 22.05.2017 05:29:03
  • Last modified 20.04.2025 01:37:25

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requ...

5.5

CVE-2017-6990

  • EPSS 0.23%
  • Published 22.05.2017 05:29:03
  • Last modified 20.04.2025 01:37:25

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.