CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7141
https://notcve.org/view.php?id=CVE-2017-7141
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de macOS anteriores a la 10.13. • http://www.securityfocus.com/bid/100993 http://www.securitytracker.com/id/1039427 https://support.apple.com/HT208144 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7143
https://notcve.org/view.php?id=CVE-2017-7143
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de macOS anteriores a la 10.13. • http://www.securityfocus.com/bid/100993 http://www.securitytracker.com/id/1039427 https://support.apple.com/HT208144 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-7149
https://notcve.org/view.php?id=CVE-2017-7149
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de macOS anteriores a la 10.13 Supplemental Update. • http://www.securityfocus.com/bid/101178 http://www.securitytracker.com/id/1039513 https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79 https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now https://support.apple.com/HT208165 https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7150
https://notcve.org/view.php?id=CVE-2017-7150
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de macOS anteriores a la 10.13 Supplemental Update. • http://www.securityfocus.com/bid/101177 http://www.securitytracker.com/id/1039430 https://support.apple.com/HT208165 • CWE-521: Weak Password Requirements •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-7129
https://notcve.org/view.php?id=CVE-2017-7129
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11, las versiones de macOS anteriores a la 10.13, las versiones de tvOS anteriores a la 11 y las versiones de watchOS anteriores a la 4. • http://www.securityfocus.com/bid/100987 http://www.securitytracker.com/id/1039427 https://support.apple.com/HT208112 https://support.apple.com/HT208113 https://support.apple.com/HT208115 https://support.apple.com/HT208144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •