Vulnerabilities > Apple > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-20 CVE-2017-7012 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-119
8.8
8.8
2017-07-20 CVE-2017-7010 Out-of-bounds Read vulnerability in Apple products
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-125
7.8
7.8
2017-07-20 CVE-2017-7009 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-119
7.8
7.8
2017-07-20 CVE-2017-7008 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-119
7.8
7.8
2017-07-20 CVE-2017-7007 Resource Exhaustion vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-400
7.5
7.5
2017-07-13 CVE-2017-7529 Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
network
low complexity
f5 puppet apple
7.5
7.5
2017-07-13 CVE-2017-11103 Insufficient Verification of Data Authenticity vulnerability in multiple products
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification.
network
high complexity
heimdal-project freebsd samba apple debian CWE-345
8.1
8.1
2017-07-07 CVE-2017-2218 Untrusted Search Path vulnerability in Apple Quicktime
Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
apple CWE-426
7.8
7.8
2017-06-27 CVE-2017-2491 Use After Free vulnerability in Apple Iphone OS
Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.
network
low complexity
apple CWE-416
8.8
8.8
2017-06-20 CVE-2017-7668 Out-of-bounds Read vulnerability in multiple products
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string.
network
low complexity
apache netapp redhat debian oracle apple CWE-125
7.5
7.5