Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-2404

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-02 Apr, 2017 | 01:36
Updated At-09 May, 2026 | 03:55
Rejected At-
Credits

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:02 Apr, 2017 | 01:36
Updated At:09 May, 2026 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/
x_refsource_MISC
http://www.securitytracker.com/id/1038139
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/97138
vdb-entry
x_refsource_BID
https://support.apple.com/HT207617
x_refsource_CONFIRM
Hyperlink: https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/
Resource:
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id/1038139
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/97138
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://support.apple.com/HT207617
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id/1038139
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/97138
vdb-entry
x_refsource_BID
x_transferred
https://support.apple.com/HT207617
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id/1038139
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97138
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://support.apple.com/HT207617
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:02 Apr, 2017 | 01:59
Updated At:13 May, 2026 | 00:24

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

Apple Inc.
apple
>>iphone_os>>Versions up to 10.2.1(inclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-601Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-601
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/97138product-security@apple.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038139product-security@apple.com
N/A
https://support.apple.com/HT207617product-security@apple.com
Vendor Advisory
https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/product-security@apple.com
Press/Media Coverage
Third Party Advisory
http://www.securityfocus.com/bid/97138af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038139af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/HT207617af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/97138
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1038139
Source: product-security@apple.com
Resource: N/A
Hyperlink: https://support.apple.com/HT207617
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/
Source: product-security@apple.com
Resource:
Press/Media Coverage
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/97138
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1038139
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/HT207617
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

182Records found

CVE-2014-1539
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-2.15% / 79.91%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

Action-Not Available
Vendor-n/aMozilla CorporationApple Inc.
Product-thunderbirdfirefoxmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1346
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.88% / 76.93%
||
7 Day CHG~0.00%
Published-22 May, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-13887
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.82% / 52.72%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-320
Not Available
CVE-2013-5182
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.41% / 69.45%
||
7 Day CHG~0.00%
Published-24 Oct, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2013-5178
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.04% / 59.85%
||
7 Day CHG~0.00%
Published-24 Oct, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2013-5704
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-60.20% / 99.02%
||
7 Day CHG~0.00%
Published-15 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Oracle CorporationThe Apache Software FoundationRed Hat, Inc.
Product-enterprise_manager_ops_centerubuntu_linuxenterprise_linux_serverenterprise_linux_workstationmac_os_xenterprise_linux_server_tusenterprise_linux_desktopjboss_enterprise_web_serversolarislinuxenterprise_linux_server_ausenterprise_linux_eusenterprise_linuxmac_os_x_serverhttp_servern/a
CVE-2013-3950
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.86% / 76.73%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3744
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.91% / 77.34%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CVE-2012-3693
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.24% / 65.54%
||
7 Day CHG~0.00%
Published-25 Jul, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2012-3742
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.92% / 77.37%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CVE-2012-2898
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-0.69% / 48.27%
||
7 Day CHG~0.00%
Published-05 Jan, 2014 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeipad2n/a
CVE-2012-0676
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-2.08% / 79.27%
||
7 Day CHG~0.00%
Published-11 May, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0680
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-2.03% / 78.67%
||
7 Day CHG~0.00%
Published-25 Jul, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2012-0585
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-2.50% / 82.75%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CVE-2019-8659
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.47%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state.

Action-Not Available
Vendor-Apple Inc.
Product-watchoswatchOS
CVE-2024-54503
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.43% / 34.51%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:59
Updated-02 Apr, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CVE-2011-0214
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.72% / 49.44%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7cfnetworkwindows_vistawindows_xpsafarin/a
CVE-2021-30874
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.09%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:49
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosiOS and iPadOS
CWE ID-CWE-862
Missing Authorization
CVE-2017-2498
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.43%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-30882
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.98% / 57.82%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:49
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadoswatchOSiOS and iPadOS
CVE-2019-15165
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.83% / 84.92%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 18:38
Updated-03 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationFedora Projecttcpdump & libpcapDebian GNU/LinuxCanonical Ltd.openSUSE
Product-watchosubuntu_linuxcommunications_operations_monitorleapfedoraiphone_osmac_os_xlibpcapdebian_linuxtvosipadosn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2005-3704
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.51% / 71.27%
||
7 Day CHG~0.00%
Published-01 Dec, 2005 | 02:02
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2010-1099
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.25% / 65.69%
||
7 Day CHG+0.01%
Published-24 Mar, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2022-22643
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.47%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOS
CVE-2009-3095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-12.56% / 95.75%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Action-Not Available
Vendor-n/aApple Inc.openSUSESUSEThe Apache Software FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_enterprise_desktopmac_os_xopensuselinux_enterprise_serverfedorahttp_servern/a
CVE-2009-2843
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.11% / 79.54%
||
7 Day CHG~0.00%
Published-08 Dec, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2009-0961
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.38% / 92.82%
||
7 Day CHG~0.00%
Published-19 Jun, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.

Action-Not Available
Vendor-n/aApple Inc.
Product-ipod_touchiphone_osn/a
CVE-2008-4232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.16% / 79.98%
||
7 Day CHG~0.00%
Published-25 Nov, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.

Action-Not Available
Vendor-n/aApple Inc.
Product-ipod_touchiphone_ossafarin/a
CVE-2006-4965
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-12.38% / 95.71%
||
7 Day CHG~0.00%
Published-25 Sep, 2006 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2004-1121
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.43% / 90.21%
||
7 Day CHG~0.00%
Published-14 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2007-6722
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.30% / 66.90%
||
7 Day CHG~0.00%
Published-31 Mar, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.

Action-Not Available
Vendor-vidalia-projectn/aMicrosoft CorporationApple Inc.
Product-vidalia_bundlewindowsmac_os_xn/a
CVE-2024-27867
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.83% / 53.15%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 03:12
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

Action-Not Available
Vendor-Apple Inc.
Product-airpods_firmwareairpods_maxairpodsairpods_max_firmwareairpods_pro_firmwarepowerbeatsbeats_fit_proairpods_propowerbeats_firmwarebeats_fit_pro_firmwareAirPods
CWE ID-CWE-287
Improper Authentication
CVE-2007-2404
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.40% / 69.13%
||
7 Day CHG~0.00%
Published-03 Aug, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2018-4436
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.91% / 55.53%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_oswatchostvosiOS, tvOS, watchOS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2004-0924
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.85% / 53.88%
||
7 Day CHG~0.00%
Published-28 Oct, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.

Action-Not Available
Vendor-easy_software_productsn/aApple Inc.
Product-mac_os_xcupsmac_os_x_servern/a
CVE-2006-4409
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.54% / 71.83%
||
7 Day CHG+0.05%
Published-30 Nov, 2006 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2018-5110
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.47% / 70.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationApple Inc.
Product-firefoxmac_os_xFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5121
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.47% / 70.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationApple Inc.
Product-firefoxmac_os_xFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4398
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.32%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvosmac_os_xwindowsicloudiOS, macOS, tvOS, watchOS, iTunes for Windows, iCloud for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4274
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.83% / 52.98%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafariiOS, Safari
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4184
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.40% / 69.26%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2018-4277
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.87% / 76.76%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_oswatchostvossafarimac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2005-4678
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.03% / 59.68%
||
7 Day CHG~0.00%
Published-01 Feb, 2006 | 02:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2005-3702
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.06% / 79.03%
||
7 Day CHG~0.00%
Published-01 Dec, 2005 | 02:02
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2015-7045
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.46% / 70.38%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosmac_os_xn/a
CVE-2005-0234
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.65% / 73.66%
||
7 Day CHG~0.00%
Published-07 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2015-5912
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.66% / 73.76%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CVE-2015-5915
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.47% / 70.64%
||
7 Day CHG~0.00%
Published-09 Oct, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2021-44740
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-3.63% / 88.14%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:05
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Pro DC NULL Pointer Dereference could lead to Application-denial-of-service

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-44741
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-3.63% / 88.14%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:05
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Pro DC NULL Pointer Dereference could lead to Application-denial-of-service

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found