CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0362 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | |||
| CVE-2017-0363 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. | |||
| CVE-2017-0365 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. | |||
| CVE-2017-0367 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | |||
| CVE-2017-0370 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | |||
| CVE-2017-12176 | high | — | 8.0 | — | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-3136 | high | — | 8.0 | — | A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-s… | |||
| CVE-2017-17858 | high | — | 8.0 | — | Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because x… | |||
| CVE-2017-18201 | high | — | 8.0 | — | An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | |||
| CVE-2017-12177 | high | — | 8.0 | — | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-14461 | high | — | 8.0 | — | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order… | |||
| CVE-2017-15130 | high | — | 8.0 | — | A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and th… | |||
| CVE-2017-15132 | high | — | 8.0 | — | A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performa… | |||
| CVE-2017-3135 | high | — | 8.0 | — | Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to rea… | |||
| CVE-2017-0364 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | |||
| CVE-2017-3142 | high | — | 8.0 | — | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a… | |||
| CVE-2017-3138 | high | — | 8.0 | — | named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regressi… | |||
| CVE-2017-12178 | high | — | 8.0 | — | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-12627 | high | — | 8.0 | — | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | |||
| CVE-2017-3145 | high | — | 8.0 | — | BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affec… | |||
| CVE-2017-0366 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. | |||
| CVE-2017-18021 | high | — | 8.0 | — | It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI. | |||
| CVE-2017-3137 | high | — | 8.0 | — | Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion… | |||
| CVE-2017-3143 | high | — | 8.0 | — | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BI… | |||
| CVE-2017-7526 | high | — | 8.0 | — | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion… | |||
| CVE-2017-15429 | high | — | 8.0 | — | cross-site scripting in chromium | |||
| CVE-2017-0368 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | |||
| CVE-2017-18013 | high | — | 8.0 | — | In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. | |||
| CVE-2017-0369 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | |||
| CVE-2017-1000356 | high | — | 8.0 | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2017-1000355 | high | — | 8.0 | 4y ago | Deserialization of Untrusted Data in Jenkins | |||
| CVE-2017-1000354 | high | — | 8.0 | 4y ago | Improper Authentication in Jenkins | |||
| CVE-2017-18922 | high | — | 8.0 | 6y ago | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket fr… | |||
| CVE-2017-18342 | high | — | 8.0 | 8y ago | In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced f… | |||
| CVE-2017-5263 | high | 8.0 | 8.0 | 9y ago | Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session token… | |||
| CVE-2017-1635 | high | 8.0 | 8.0 | 9y ago | IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute… | |||
| CVE-2017-1000405 | high | 7.0 | 8.0 | 9y ago | The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In suc… | |||
| CVE-2017-8193 | high | 8.0 | 8.0 | 9y ago | The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnera… | |||
| CVE-2017-2714 | high | 8.0 | 8.0 | 9y ago | The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitr… | |||
| CVE-2017-16674 | high | 8.0 | 8.0 | 9y ago | Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command … | |||
| CVE-2017-2915 | high | 8.0 | 8.0 | 9y ago | An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell comm… | |||
| CVE-2017-16563 | high | 8.0 | 8.0 | 9y ago | Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | |||
| CVE-2017-1000139 | high | 8.0 | 8.0 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked a… | |||
| CVE-2017-15884 | high | 7.0 | 8.0 | 9y ago | In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | |||
| CVE-2017-5074 | high | 8.0 | 8.0 | 9y ago | multiple issues in chromium | |||
| CVE-2017-10403 | high | 8.0 | 8.0 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Difficul… | |||
| CVE-2017-10612 | high | 8.0 | 8.0 | 9y ago | A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal informat… | |||
| CVE-2017-1000112 | high | 7.0 | 8.0 | 9y ago | Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two… | |||
| CVE-2017-1000086 | high | 8.0 | 8.0 | 9y ago | Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings | |||
| CVE-2017-14925 | high | 8.0 | 8.0 | 9y ago | Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global … | |||
| CVE-2017-14924 | high | 8.0 | 8.0 | 9y ago | Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain adminis… | |||
| CVE-2017-14320 | high | 8.0 | 8.0 | 9y ago | Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files. | |||
| CVE-2017-14530 | high | 8.0 | 8.0 | 9y ago | WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | |||
| CVE-2017-9644 | high | 7.0 | 8.0 | 9y ago | An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu … | |||
| CVE-2017-10661 | high | 7.0 | 8.0 | 9y ago | Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descript… | |||
| CVE-2017-7533 | high | 7.0 | 8.0 | 9y ago | Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that … | |||
| CVE-2017-2283 | high | 8.0 | 8.0 | 9y ago | WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | |||
| CVE-2017-7054 | high | 8.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-7051 | high | 8.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-7050 | high | 8.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-2183 | high | 8.0 | 8.0 | 9y ago | HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. | |||
| CVE-2017-6662 | high | 8.0 | 8.0 | 9y ago | A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access … | |||
| CVE-2017-5657 | high | 8.0 | 8.0 | 9y ago | Apache Archiva vulnerable to Cross Site Request Forgery | |||
| CVE-2017-6979 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2533 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in… | |||
| CVE-2017-2501 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-9138 | high | 8.0 | 8.0 | 9y ago | There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass inten… | |||
| CVE-2017-4014 | high | 8.0 | 8.0 | 9y ago | Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP requ… | |||
| CVE-2017-0214 | high | 7.0 | 8.0 | 9y ago | Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 201… | |||
| CVE-2017-0569 | high | 7.0 | 8.0 | 9y ago | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-2478 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2456 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-5899 | high | 7.0 | 8.0 | 9y ago | Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a … | |||
| CVE-2017-0103 | high | 7.0 | 8.0 | 9y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privi… | |||
| CVE-2017-3565 | high | 7.9 | 7.9 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privile… | |||
| CVE-2017-3559 | high | 7.9 | 7.9 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3290 | high | 7.9 | 7.9 | 10y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Ea… | |||
| CVE-2017-11698 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted … | |||
| CVE-2017-11697 | high | 7.8 | 7.8 | 9y ago | The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted ce… | |||
| CVE-2017-11696 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted c… | |||
| CVE-2017-11695 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted ce… | |||
| CVE-2017-7163 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-7162 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-7159 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privile… | |||
| CVE-2017-7155 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-17866 | high | 7.8 | 7.8 | 9y ago | pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (b… | |||
| CVE-2017-17863 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer… | |||
| CVE-2017-17857 | high | 7.8 | 7.8 | 9y ago | The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other im… | |||
| CVE-2017-17856 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-… | |||
| CVE-2017-17855 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of po… | |||
| CVE-2017-17854 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveragi… | |||
| CVE-2017-17853 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH … | |||
| CVE-2017-17852 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-… | |||
| CVE-2017-17840 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to la… | |||
| CVE-2017-17010 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified dire… | |||
| CVE-2017-16996 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncatio… | |||
| CVE-2017-13883 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-13879 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged c… | |||
| CVE-2017-13862 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-13858 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context vi… |