| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1151 |
CVE-2017-12108 |
190 |
|
Exec Code Overflow Mem. Corr. |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. |
|
1152 |
CVE-2017-12107 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability. |
|
1153 |
CVE-2017-12105 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. |
|
1154 |
CVE-2017-12104 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. |
|
1155 |
CVE-2017-12103 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. |
|
1156 |
CVE-2017-12102 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. |
|
1157 |
CVE-2017-12101 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. |
|
1158 |
CVE-2017-12100 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. |
|
1159 |
CVE-2017-12099 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. |
|
1160 |
CVE-2017-12095 |
290 |
|
|
2018-04-05 |
2022-04-19 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to trigger this vulnerability. |
|
1161 |
CVE-2017-12093 |
400 |
|
|
2018-04-05 |
2022-04-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. |
|
1162 |
CVE-2017-12090 |
400 |
|
DoS |
2018-04-05 |
2022-04-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. |
|
1163 |
CVE-2017-12089 |
|
|
DoS |
2018-04-05 |
2022-04-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability. |
|
1164 |
CVE-2017-12088 |
20 |
|
DoS |
2018-04-05 |
2022-04-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability |
|
1165 |
CVE-2017-12087 |
119 |
|
Overflow |
2018-04-24 |
2022-04-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability. |
|
1166 |
CVE-2017-12086 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. |
|
1167 |
CVE-2017-12082 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. |
|
1168 |
CVE-2017-12081 |
190 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. |
|
1169 |
CVE-2017-11075 |
416 |
|
|
2018-04-03 |
2018-05-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if cmd_pkt and reg_pkt are called from different userspace threads, a use after free condition can potentially occur in wdsp_glink_write(). |
|
1170 |
CVE-2017-11011 |
416 |
|
|
2018-04-11 |
2018-05-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API. |
|
1171 |
CVE-2017-10140 |
|
|
+Priv |
2018-04-16 |
2020-07-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory. |
|
1172 |
CVE-2017-9839 |
89 |
|
Sql |
2018-04-11 |
2018-05-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). |
|
1173 |
CVE-2017-9838 |
79 |
|
XSS |
2018-04-11 |
2018-05-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). |
|
1174 |
CVE-2017-9658 |
755 |
|
|
2018-04-30 |
2019-10-09 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point. |
|
1175 |
CVE-2017-9657 |
755 |
|
|
2018-04-30 |
2019-10-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point. |
|
1176 |
CVE-2017-9656 |
798 |
|
+Priv |
2018-04-24 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. |
|
1177 |
CVE-2017-9654 |
522 |
|
|
2018-04-24 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. |
|
1178 |
CVE-2017-9638 |
119 |
|
DoS Exec Code Overflow |
2018-04-17 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. |
|
1179 |
CVE-2017-9636 |
119 |
|
DoS Exec Code Overflow |
2018-04-17 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. |
|
1180 |
CVE-2017-9634 |
787 |
|
DoS Exec Code |
2018-04-17 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. |
|
1181 |
CVE-2017-9284 |
200 |
|
+Info |
2018-04-26 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. |
|
1182 |
CVE-2017-9275 |
79 |
|
XSS |
2018-04-26 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. |
|
1183 |
CVE-2017-8315 |
611 |
|
|
2018-04-20 |
2018-05-22 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml. |
|
1184 |
CVE-2017-8275 |
190 |
|
Overflow |
2018-04-11 |
2018-05-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 835, an integer overflow vulnerability exists in a video library. |
|
1185 |
CVE-2017-8274 |
|
|
|
2018-04-11 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, an access control vulnerability exists in Core. |
|
1186 |
CVE-2017-8154 |
319 |
|
|
2018-04-11 |
2019-10-03 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes. |
|
1187 |
CVE-2017-7893 |
|
|
|
2018-04-23 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. |
|
1188 |
CVE-2017-7652 |
|
|
|
2018-04-25 |
2019-10-09 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail. |
|
1189 |
CVE-2017-7651 |
400 |
|
|
2018-04-24 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. |
|
1190 |
CVE-2017-7534 |
79 |
|
XSS |
2018-04-11 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. |
|
1191 |
CVE-2017-7173 |
200 |
|
Bypass +Info |
2018-04-03 |
2018-04-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
|
1192 |
CVE-2017-7172 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2018-04-03 |
2019-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
1193 |
CVE-2017-7171 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2018-04-03 |
2019-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CoreAnimation" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
1194 |
CVE-2017-7170 |
20 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
1195 |
CVE-2017-7167 |
119 |
|
Exec Code Overflow |
2018-04-03 |
2018-05-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code. |
|
1196 |
CVE-2017-7165 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2018-04-03 |
2019-03-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
|
1197 |
CVE-2017-7164 |
20 |
|
|
2018-04-03 |
2019-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts. |
|
1198 |
CVE-2017-7161 |
77 |
|
Exec Code |
2018-04-03 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. |
|
1199 |
CVE-2017-7153 |
601 |
|
|
2018-04-03 |
2019-03-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. |
|
1200 |
CVE-2017-7075 |
200 |
|
+Info |
2018-04-03 |
2018-05-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content. |
