The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-2417 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the CoreGraphics component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2419 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the WebKit component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2424 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the WebKit component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2425 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the SecurityFoundation component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2426 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the iBooks component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2429 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the FinderKit component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2430 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the Audio component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2431 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the CoreMedia component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2432 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ImageIO component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2433 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2435 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the CoreText component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2439 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the FontParser component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2442 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the WebKit JavaScript Bindings component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | MEDIUM | Apr 7, 2017 |
| CVE-2017-2444 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the CoreGraphics component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 7, 2017 |
| CVE-2017-2445 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2446 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2447 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2448 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the Keychain component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2450 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the CoreText component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2453 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the Safari component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site. | MEDIUM | Apr 7, 2017 |
| CVE-2017-2454 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2455 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2457 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2459 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2460 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2461 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the CoreText component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2462 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the Audio component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2463 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 7, 2017 |
| CVE-2017-2464 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2465 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2466 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2467 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ImageIO component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2468 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2469 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2470 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2471 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the WebKit component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. | MEDIUM | Apr 7, 2017 |
| CVE-2017-2475 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2476 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2479 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | MEDIUM | Apr 7, 2017 |
| CVE-2017-2480 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2481 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2484 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Phone component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2486 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the WebKit component. It allows remote attackers to spoof the address bar via a crafted web site. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2487 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the FontParser component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | MEDIUM | Apr 5, 2017 |
| CVE-2017-2489 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the Intel Graphics Driver component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2671 | The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2675 | Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file at.obdev.littlesnitchd.plist which gets installed to /Library/LaunchDaemons. | MEDIUM | Apr 6, 2017 |
| CVE-2017-2686 | Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. | MEDIUM | Mar 30, 2017 |
| CVE-2017-2687 | Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. | MEDIUM | Mar 30, 2017 |
| CVE-2017-2688 | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. | MEDIUM | Mar 30, 2017 |
