The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.
Max CVSS: 6.2 | EPSS Score: 0.05% | Published: 2024-01-23 | Updated: 2024-01-30
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Max CVSS: 6.3 | EPSS Score: 0.09% | Published: 2023-12-08 | Updated: 2024-01-05
The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2023-05-08 | Updated: 2023-07-27
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2023-02-27 | Updated: 2023-03-08
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2022-09-23 | Updated: 2022-09-29
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2022-05-26 | Updated: 2022-06-03
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2022-03-18 | Updated: 2022-11-02
The issue was addressed with improved authentication. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access photo metadata without needing permission to access photos.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2021-08-24 | Updated: 2023-01-09
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2021-09-08 | Updated: 2021-09-15
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2021-09-08 | Updated: 2021-09-15
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.
Max CVSS: 5.8 | EPSS Score: 0.22% | Published: 2021-09-08 | Updated: 2023-01-09
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2021-09-08 | Updated: 2021-09-16
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2021-09-08 | Updated: 2021-09-16
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2021-09-08 | Updated: 2021-09-16
An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number.
Max CVSS: 2.4 | EPSS Score: 0.05% | Published: 2021-09-08 | Updated: 2021-09-16
An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.
Max CVSS: 5.7 | EPSS Score: 0.05% | Published: 2019-12-18 | Updated: 2019-12-26
This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.
Max CVSS: 6.8 | EPSS Score: 0.07% | Published: 2019-12-18 | Updated: 2020-08-24
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2019-12-18 | Updated: 2019-12-20
An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account.
Max CVSS: 8.8 | EPSS Score: 0.14% | Published: 2019-12-18 | Updated: 2022-10-14
A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2019-12-18 | Updated: 2019-12-26
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation.
Max CVSS: 9.8 | EPSS Score: 0.18% | Published: 2019-01-11 | Updated: 2019-10-03

CVE-2017-13872

Public exploit
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
Max CVSS: 9.3 | EPSS Score: 14.89% | Published: 2017-11-29 | Updated: 2017-12-30
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Max CVSS: 9.8 | EPSS Score: 1.40% | Published: 2017-06-20 | Updated: 2021-06-06
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
Max CVSS: 5.3 | EPSS Score: 0.04% | Published: 2017-02-20 | Updated: 2018-10-30
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
Max CVSS: 6.5 | EPSS Score: 0.52% | Published: 2016-09-25 | Updated: 2017-07-30
109 vulnerabilities found