CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2474 – Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption
https://notcve.org/view.php?id=CVE-2017-2474
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteri... • https://packetstorm.news/files/id/141976 •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2397 – Apple Security Advisory 2017-03-27-4
https://notcve.org/view.php?id=CVE-2017-2397
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "Accounts". • http://www.securityfocus.com/bid/97138 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-2378 – Apple Security Advisory 2017-03-27-4
https://notcve.org/view.php?id=CVE-2017-2378
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • http://www.securityfocus.com/bid/97129 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-2462 – Apple macOS M4A Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2462
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.1... • http://www.securityfocus.com/bid/97137 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2380 – Apple Security Advisory 2017-03-27-4
https://notcve.org/view.php?id=CVE-2017-2380
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. Se detectó un problema en ciertos productos de Apple. iOS anterior a versión 10.3 está afectado. El problema involucra la implementación de Simple Certificate Enrollment Protocol (SCEP) en el componente "Profiles". • http://www.securityfocus.com/bid/97138 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2450 – Apple Security Advisory 2017-03-27-5
https://notcve.org/view.php?id=CVE-2017-2450
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anterior... • http://www.securityfocus.com/bid/97137 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2423 – Apple Security Advisory 2017-03-27-4
https://notcve.org/view.php?id=CVE-2017-2423
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. El problema involucra al componen... • http://www.securityfocus.com/bid/97147 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-2435 – Apple Security Advisory 2017-03-27-5
https://notcve.org/view.php?id=CVE-2017-2435
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10... • http://www.securityfocus.com/bid/97137 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 36%CPEs: 3EXPL: 4CVE-2017-2446 – Apple Safari - 'DateTimeFormat.format' Type Confusion
https://notcve.org/view.php?id=CVE-2017-2446
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://packetstorm.news/files/id/141988 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2404 – Apple Security Advisory 2017-03-27-4
https://notcve.org/view.php?id=CVE-2017-2404
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "Quick Look". • http://www.securityfocus.com/bid/97138 •