| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3767 | Hig | 0.51 | 7.8 | 0.00 | Nov 13, 2017 | A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. | ||
| CVE-2017-3166 | Hig | 0.51 | 7.8 | 0.00 | Nov 13, 2017 | In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared… | ||
| CVE-2017-10885 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10875 | Hig | 0.49 | 7.5 | 0.01 | Nov 13, 2017 | I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | ||
| CVE-2016-6803 | Hig | 0.51 | 7.8 | 0.02 | Nov 13, 2017 | An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer… | ||
| CVE-2017-14711 | Hig | 0.53 | 8.1 | 0.01 | Nov 13, 2017 | The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication. | ||
| CVE-2017-11169 | Hig | 0.57 | 8.8 | 0.02 | Nov 13, 2017 | Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi. | ||
| CVE-2017-7132 | Hig | 0.51 | 7.8 | 0.02 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document. | ||
| CVE-2017-13843 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2017-13838 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Sandbox" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2017-13834 | Hig | 0.51 | 7.8 | 0.02 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary. | ||
| CVE-2017-13833 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2017-13831 | Hig | 0.46 | 7.1 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image. | ||
| CVE-2017-13830 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2017-13829 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2017-13825 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file. | ||
| CVE-2017-13824 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript… | ||
| CVE-2017-13820 | Hig | 0.46 | 7.1 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font. | ||
| CVE-2017-13816 | Hig | 0.51 | 7.8 | 0.02 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive… | ||
| CVE-2017-13814 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file. | ||
| CVE-2017-13813 | Hig | 0.51 | 7.8 | 0.02 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive… | ||
| CVE-2017-13812 | Hig | 0.51 | 7.8 | 0.02 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive… | ||
| CVE-2017-13811 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2017-13809 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile. | ||
| CVE-2017-13808 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2017-13807 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file. | ||
| CVE-2017-13803 | Hig | 0.57 | 8.8 | 0.02 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13802 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13800 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2017-13799 | Hig | 0.51 | 7.8 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a… | ||
| CVE-2017-13798 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13797 | Hig | 0.61 | 8.8 | 0.05 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13796 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13795 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13794 | Hig | 0.61 | 8.8 | 0.07 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13793 | Hig | 0.57 | 8.8 | 0.02 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13792 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13791 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13788 | Hig | 0.57 | 8.8 | 0.02 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13785 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13784 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13783 | Hig | 0.61 | 8.8 | 0.06 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-16797 | Hig | 0.51 | 7.8 | 0.01 | Nov 12, 2017 | In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly… | ||
| CVE-2017-16796 | Hig | 0.51 | 7.8 | 0.01 | Nov 12, 2017 | In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag… | ||
| CVE-2017-16793 | Hig | 0.51 | 7.8 | 0.01 | Nov 12, 2017 | The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2017-16520 | Hig | 0.49 | 7.5 | 0.01 | Nov 11, 2017 | Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | ||
| CVE-2017-16762 | Hig | 0.49 | 7.5 | 0.02 | Nov 10, 2017 | Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | ||
| CVE-2017-9758 | Hig | 0.48 | 7.4 | 0.01 | Nov 10, 2017 | Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | ||
| CVE-2017-16249 | Hig | 0.57 | 7.5 | 0.59 | Nov 10, 2017 | The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are… | ||
| CVE-2017-12969 | Hig | 0.61 | 8.8 | 0.10 | Nov 10, 2017 | Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. |
- risk 0.51cvss 7.8epss 0.00
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.
- risk 0.51cvss 7.8epss 0.00
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared…
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.49cvss 7.5epss 0.01
I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.
- risk 0.51cvss 7.8epss 0.02
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer…
- risk 0.53cvss 8.1epss 0.01
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication.
- risk 0.57cvss 8.8epss 0.02
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi.
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Sandbox" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.46cvss 7.1epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript…
- risk 0.46cvss 7.1epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive…
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive…
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive…
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.05
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.07
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.61cvss 8.8epss 0.06
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It…
- risk 0.51cvss 7.8epss 0.01
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly…
- risk 0.51cvss 7.8epss 0.01
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag…
- risk 0.51cvss 7.8epss 0.01
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
- risk 0.49cvss 7.5epss 0.01
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
- risk 0.49cvss 7.5epss 0.02
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
- risk 0.48cvss 7.4epss 0.01
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."
- risk 0.57cvss 7.5epss 0.59
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are…
- risk 0.61cvss 8.8epss 0.10
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.