CVE-2017-2472 – Apple macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn
https://notcve.org/view.php?id=CVE-2017-2472
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteriores a 10.2 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente "Kernel". • https://www.exploit-db.com/exploits/41791 http://www.securityfocus.com/bid/97137 http://www.securitytracker.com/id/1038138 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207615 https://support.apple.com/HT207617 • CWE-416: Use After Free •
CVE-2017-2473 – Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking
https://notcve.org/view.php?id=CVE-2017-2473
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteriores a 10.2 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente "Kernel". • https://www.exploit-db.com/exploits/41792 http://www.securityfocus.com/bid/97137 http://www.securitytracker.com/id/1038138 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207615 https://support.apple.com/HT207617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-6458
https://notcve.org/view.php?id=CVE-2017-6458
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Múltiples desbordamientos de búfer en las funciones ctl_put * en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permiten a usuarios remotos autenticados tener un impacto no especificado a través de una variable larga. • http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html http://seclists.org/fulldisclosure/2017/Nov/7 http://seclists.org/fulldisclosure/2017/Sep/62 http://support.ntp.org/bin/view/Main/NtpBug3379 http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded http://www.securityfocus.com/bid/97051 http://www.securitytracker.com/id/1038123 http://www.u • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-2415
https://notcve.org/view.php?id=CVE-2017-2415
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • http://www.securityfocus.com/bid/97143 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207617 •
CVE-2016-4681
https://notcve.org/view.php?id=CVE-2016-4681
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente "Core Image". • http://www.securityfocus.com/bid/94431 https://support.apple.com/HT207275 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •