Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date
CVE-2017-2404 An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Quick Look component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016. MEDIUM Apr 6, 2017
CVE-2017-2403 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the Printing component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. MEDIUM Apr 6, 2017
CVE-2017-2402 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the MCX Client component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained. HIGH Apr 6, 2017
CVE-2017-2401 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the Kernel component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Apr 5, 2017
CVE-2017-2400 An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the SafariViewController component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing. MEDIUM Apr 6, 2017
CVE-2017-2399 An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Pasteboard component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). LOW Apr 6, 2017
CVE-2017-2398 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the Kernel component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Apr 7, 2017
CVE-2017-2397 An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Accounts component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen. LOW Apr 7, 2017
CVE-2017-2396 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 6, 2017
CVE-2017-2395 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 7, 2017
CVE-2017-2394 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Apr 7, 2017
CVE-2017-2393 An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Safari Reader component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. MEDIUM Apr 6, 2017
CVE-2017-2392 An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the WebKit component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. MEDIUM Apr 6, 2017
CVE-2017-2391 An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the Export component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. MEDIUM Apr 7, 2017
CVE-2017-2390 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the libarchive component. It allows local users to change arbitrary directory permissions via unspecified vectors. LOW Apr 5, 2017
CVE-2017-2389 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the Safari component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. MEDIUM Apr 6, 2017
CVE-2017-2388 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the IOFireWireFamily component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. MEDIUM Apr 6, 2017
CVE-2017-2387 The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. LOW Apr 10, 2017
CVE-2017-2386 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. MEDIUM Apr 7, 2017
CVE-2017-2385 An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the Safari Login AutoFill component. It allows local users to obtain access to locked keychain items via unspecified vectors. LOW Apr 6, 2017
CVE-2017-2384 An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the Safari component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. LOW Apr 6, 2017
CVE-2017-2383 An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the APNs Server component. It allows man-in-the-middle attackers to track users via correlation with this certificate. CWE-319: Cleartext Transmission of Sensitive Information LOW Apr 7, 2017
CVE-2017-2382 An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the Wiki Server component. It allows remote attackers to enumerate user accounts via unspecified vectors. MEDIUM Apr 7, 2017
CVE-2017-2381 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the sudo component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. MEDIUM Apr 6, 2017
CVE-2017-2380 An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the Profiles component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. MEDIUM Apr 6, 2017
CVE-2017-2379 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the Carbon component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted .dfont file. MEDIUM Apr 5, 2017
CVE-2017-2378 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the WebKit component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. MEDIUM Apr 7, 2017
CVE-2017-2377 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the WebKit Web Inspector component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. MEDIUM Apr 6, 2017
CVE-2017-2376 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the Safari component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. MEDIUM Apr 6, 2017
CVE-2017-2375 An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud. LOW Dec 23, 2021
CVE-2017-2374 An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the Projects component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. MEDIUM Feb 22, 2017
CVE-2017-2373 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2372 An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the Projects component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file. MEDIUM Feb 22, 2017
CVE-2017-2371 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the WebKit component, which allows remote attackers to launch popups via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2370 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the Kernel component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. HIGH Feb 22, 2017
CVE-2017-2369 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2368 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the Contacts component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card. MEDIUM Feb 22, 2017
CVE-2017-2367 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. MEDIUM Apr 6, 2017
CVE-2017-2366 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2365 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2364 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2363 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2362 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2361 An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the Help Viewer component, which allows XSS attacks via a crafted web site. MEDIUM Feb 24, 2017
CVE-2017-2360 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the Kernel component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. HIGH Feb 22, 2017
CVE-2017-2359 An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the Safari component, which allows remote attackers to spoof the address bar via a crafted web site. MEDIUM Feb 22, 2017
CVE-2017-2358 An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the Graphics Drivers component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. HIGH Feb 22, 2017
CVE-2017-2357 An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the IOAudioFamily component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app. MEDIUM Feb 22, 2017
CVE-2017-2356 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. MEDIUM Feb 21, 2017
CVE-2017-2355 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site. MEDIUM Feb 21, 2017
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.