CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-2467
https://notcve.org/view.php?id=CVE-2017-2467
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteriores a 10.2 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente "ImageIO". • http://www.securityfocus.com/bid/97137 http://www.securitytracker.com/id/1038138 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207615 https://support.apple.com/HT207617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2456 – Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow
https://notcve.org/view.php?id=CVE-2017-2456
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteriores a 10.2 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente "Kernel". • https://www.exploit-db.com/exploits/41778 http://www.securityfocus.com/bid/97137 http://www.securitytracker.com/id/1038138 https://bugs.chromium.org/p/project-zero/issues/detail?id=1083 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207615 https://support.apple.com/HT207617 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2439
https://notcve.org/view.php?id=CVE-2017-2439
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteriores a 10.2 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente "FontParser". • http://www.securityfocus.com/bid/97137 http://www.securitytracker.com/id/1038138 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207615 https://support.apple.com/HT207617 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-2415
https://notcve.org/view.php?id=CVE-2017-2415
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • http://www.securityfocus.com/bid/97143 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207617 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2377
https://notcve.org/view.php?id=CVE-2017-2377
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • http://www.securityfocus.com/bid/97129 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •