CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2017-13847 – Apple macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient
https://notcve.org/view.php?id=CVE-2017-13847
08 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.2 y las versiones de macOS anteriores a la 10.13.2. • https://packetstorm.news/files/id/145361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2017-13876 – Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms
https://notcve.org/view.php?id=CVE-2017-13876
08 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de macOS anteriores a la 10.13.2, las ve... • https://packetstorm.news/files/id/145362 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2017-13867 – Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
https://notcve.org/view.php?id=CVE-2017-13867
08 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de macOS anteriores a la 10.13.2, las ve... • https://packetstorm.news/files/id/145359 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 3CVE-2017-13861 – Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
https://notcve.org/view.php?id=CVE-2017-13861
08 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de tvOS anteriores a la 11.2 y las versiones de watchOS anteriores a la... • https://packetstorm.news/files/id/153148 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2017-13855 – Apple macOS - 'necp_get_socket_attributes' so_pcb Type Confusion
https://notcve.org/view.php?id=CVE-2017-13855
08 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de macOS anteriores a la 10.13.2, las versiones de tvOS anteriores... • https://packetstorm.news/files/id/145363 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 3CVE-2017-13868 – Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak
https://notcve.org/view.php?id=CVE-2017-13868
08 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de macOS anteriores a la 10.13.2, las versiones de tvOS anteriores a la 11.2 y las versiones de... • https://www.exploit-db.com/exploits/44234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13874 – Apple Security Advisory 2017-12-6-2
https://notcve.org/view.php?id=CVE-2017-13874
08 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2 se han visto afectadas. • http://www.securityfocus.com/bid/102097 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13879 – Apple Security Advisory 2017-12-6-2
https://notcve.org/view.php?id=CVE-2017-13879
08 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2 se han visto afectadas. • http://www.securityfocus.com/bid/102097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 12%CPEs: 5EXPL: 2CVE-2017-13797 – WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-13797
13 Nov 2017 — An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • https://packetstorm.news/files/id/145086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-13852
https://notcve.org/view.php?id=CVE-2017-13852
13 Nov 2017 — An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.1, las versiones de macOS anteriores a la 10.13.1, las versiones de tvOS anterior... • https://support.apple.com/HT208219 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •