Apple

macOS X

3207 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2017-3167

  • EPSS 9.44%
  • Veröffentlicht 20.06.2017 01:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

7.5

CVE-2017-7668

  • EPSS 65.46%
  • Veröffentlicht 20.06.2017 01:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacke...

8.8

CVE-2016-9840

  • EPSS 13%
  • Veröffentlicht 23.05.2017 04:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8

CVE-2016-9841

  • EPSS 20.28%
  • Veröffentlicht 23.05.2017 04:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8

CVE-2016-9842

  • EPSS 10.91%
  • Veröffentlicht 23.05.2017 04:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

9.8

CVE-2016-9843

  • EPSS 9.18%
  • Veröffentlicht 23.05.2017 04:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

7.8

CVE-2017-6986

  • EPSS 0.24%
  • Veröffentlicht 22.05.2017 05:29:03
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.

5.5

CVE-2017-6987

  • EPSS 0.24%
  • Veröffentlicht 22.05.2017 05:29:03
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to by...

5.9

CVE-2017-6988

  • EPSS 0.16%
  • Veröffentlicht 22.05.2017 05:29:03
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requ...

5.5

CVE-2017-6990

  • EPSS 0.23%
  • Veröffentlicht 22.05.2017 05:29:03
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.