CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2357
https://notcve.org/view.php?id=CVE-2017-2357
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "IOAudioFamily". • http://www.securityfocus.com/bid/95723 http://www.securitytracker.com/id/1037671 https://support.apple.com/HT207483 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2358
https://notcve.org/view.php?id=CVE-2017-2358
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "Graphics Drivers". • http://www.securityfocus.com/bid/95723 http://www.securitytracker.com/id/1037671 https://support.apple.com/HT207483 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 1CVE-2017-2360 – Apple macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2360
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. macOS en versiones anteriores a 10.12.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente "Kernel". • https://www.exploit-db.com/exploits/41165 http://www.securityfocus.com/bid/95729 http://www.securityfocus.com/bid/95731 http://www.securitytracker.com/id/1037668 https://support.apple.com/HT207482 https://support.apple.com/HT207483 https://support.apple.com/HT207485 https://support.apple.com/HT207487 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 3CVE-2017-2370 – Apple macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
https://notcve.org/view.php?id=CVE-2017-2370
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. macOS en versiones anteriores a 10.12.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente "Kernel". • https://www.exploit-db.com/exploits/41163 https://github.com/Peterpan0927/CVE-2017-2370 http://www.securityfocus.com/bid/95731 http://www.securitytracker.com/id/1037668 https://bugs.chromium.org/p/project-zero/issues/detail?id=1004 https://support.apple.com/HT207482 https://support.apple.com/HT207483 https://support.apple.com/HT207485 https://support.apple.com/HT207487 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 62EXPL: 0CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •