Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-3220

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-14 Oct, 2011 | 10:00
Updated At-06 Aug, 2024 | 23:29
Rejected At-
Credits

QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:14 Oct, 2011 | 10:00
Updated At:06 Aug, 2024 | 23:29
Rejected At:
â–¼CVE Numbering Authority (CNA)

QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://osvdb.org/76377
vdb-entry
x_refsource_OSVDB
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
vendor-advisory
x_refsource_APPLE
http://www.securityfocus.com/bid/50130
vdb-entry
x_refsource_BID
http://support.apple.com/kb/HT5016
x_refsource_CONFIRM
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
http://www.securityfocus.com/bid/50085
vdb-entry
x_refsource_BID
Hyperlink: http://osvdb.org/76377
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securityfocus.com/bid/50130
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://support.apple.com/kb/HT5016
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.apple.com/kb/HT5002
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/50085
Resource:
vdb-entry
x_refsource_BID
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://osvdb.org/76377
vdb-entry
x_refsource_OSVDB
x_transferred
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securityfocus.com/bid/50130
vdb-entry
x_refsource_BID
x_transferred
http://support.apple.com/kb/HT5016
x_refsource_CONFIRM
x_transferred
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/50085
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://osvdb.org/76377
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/50130
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://support.apple.com/kb/HT5016
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.apple.com/kb/HT5002
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/50085
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:14 Oct, 2011 | 10:55
Updated At:29 Apr, 2026 | 01:13

QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches

Apple Inc.
apple
>>mac_os_x>>Versions up to 10.7.1(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.0
cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.0.0
cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.0.1
cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.0.2
cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.0.3
cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.0.4
cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.1
cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.1.0
cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.1.1
cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.1.2
cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.1.3
cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.1.4
cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.1.5
cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2
cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.0
cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.1
cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.2
cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.3
cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.4
cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.5
cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.6
cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.7
cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.2.8
cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.0
cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.1
cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.2
cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.3
cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.4
cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.5
cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.6
cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.7
cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.8
cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.9
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4
cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.0
cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.1
cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.2
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.3
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.4
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.5
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.6
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.7
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.8
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.9
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.10
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.11
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.0
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlproduct-security@apple.com
Vendor Advisory
http://osvdb.org/76377product-security@apple.com
N/A
http://support.apple.com/kb/HT5002product-security@apple.com
Vendor Advisory
http://support.apple.com/kb/HT5016product-security@apple.com
N/A
http://www.securityfocus.com/bid/50085product-security@apple.com
N/A
http://www.securityfocus.com/bid/50130product-security@apple.com
N/A
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://osvdb.org/76377af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT5002af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT5016af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/50085af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/50130af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://osvdb.org/76377
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5002
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT5016
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/50085
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/50130
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://osvdb.org/76377
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5002
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT5016
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/50085
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/50130
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2378Records found

CVE-2017-6987
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.01% / 58.83%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-3115
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-5.81% / 92.23%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-3043
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-4.11% / 89.53%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2365
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-7.04% / 93.41%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-webkitgtkn/aApple Inc.
Product-webkitgtk\+tvosiphone_ossafarin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2424
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.68% / 74.15%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafarin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2350
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.80% / 75.83%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-webkitgtkn/aApple Inc.
Product-webkitgtk\+tvosiphone_ossafarin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2357
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.87% / 54.46%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2507
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.93% / 56.28%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2480
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-4.31% / 89.97%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_ossafariicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2448
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.63% / 73.32%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2426
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-1.23% / 65.18%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2489
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-2.31% / 81.27%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-16541
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.66% / 88.28%
||
7 Day CHG~0.00%
Published-04 Nov, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

Action-Not Available
Vendor-torprojectn/aApple Inc.Linux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopmacostorenterprise_linux_eusenterprise_linux_server_auslinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3676
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.33% / 67.62%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13818
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13822
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13869
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-4.74% / 90.76%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13868
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-4.71% / 90.72%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13865
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-4.25% / 89.84%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13840
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13823
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13873
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.92% / 55.92%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13864
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.68% / 48.02%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswindowsicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13782
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.11% / 62.03%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 00:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13841
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13821
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13836
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13842
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13877
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.61% / 44.99%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13852
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.83% / 53.20%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11232
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-7.61% / 93.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-416
Use After Free
CVE-2017-10888
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.94% / 56.48%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors.

Action-Not Available
Vendor-bookwalkerBOOK WALKER Co.,Ltd.Microsoft CorporationApple Inc.
Product-windowsmacosbook_walkerBOOK WALKER for MacBOOK WALKER for Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7598
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.70% / 74.47%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_ossafariicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7607
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.03% / 59.52%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xwatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7579
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.84% / 76.37%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7577
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.7||LOW
EPSS-1.12% / 62.23%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7623
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.04% / 78.77%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafarin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7666
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.77% / 51.01%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via a crafted EPUB.

Action-Not Available
Vendor-n/aApple Inc.
Product-transportern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7592
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.76% / 75.24%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_ossafariicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7599
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.71% / 74.59%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_ossafariicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7586
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.71% / 74.59%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_ossafariicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7022
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.32% / 67.35%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4713
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.29% / 66.62%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4665
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.98% / 57.88%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_oswatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4742
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.90% / 55.31%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4739
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.7||LOW
EPSS-1.50% / 71.06%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4752
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.92% / 55.84%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4613
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.11% / 62.05%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesapple_tvsafariicloudn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4747
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-3.7||LOW
EPSS-0.65% / 46.68%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4758
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.71% / 74.54%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswindowsiphone_ossafarin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 47
  • 48
  • Next
Details not found