CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2545 – Apple macOS IOGraphic Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-2545
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se descubrió un problema en ciertos productos de Apple. MacOS versiones anteriores a 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6977 – Apple macOS speechsynthesisd Unsigned Dylib Loading Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-6977
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. Se detectó un problema en ciertos productos de Apple. MacOS versiones anteriores a 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2010-1816
https://notcve.org/view.php?id=CVE-2010-1816
13 Apr 2017 — Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image. El desbordamiento de búfer en ImageIO en Apple Mac OS X 10.6 a 10.6.3 y Mac OS X Server 10.6 a 10.6.3 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de una imagen manipulada. • https://support.apple.com/en-us/HT4188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2010-1821
https://notcve.org/view.php?id=CVE-2010-1821
13 Apr 2017 — Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. Apple Mac OS X 10.6 a 10.6.3 y Mac OS X Server 10.6 a 10.6.3 permite a los usuarios locales obtener privilegios del sistema. • https://support.apple.com/en-us/HT4188 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2413
https://notcve.org/view.php?id=CVE-2017-2413
02 Apr 2017 — An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.4 está afectado. El problema involucra al componente "QuickTime". • http://www.securityfocus.com/bid/97140 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2017-2483 – Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption
https://notcve.org/view.php?id=CVE-2017-2483
02 Apr 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anterior... • https://www.exploit-db.com/exploits/41797 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2485
https://notcve.org/view.php?id=CVE-2017-2485
02 Apr 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones an... • http://www.securityfocus.com/bid/97132 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2381
https://notcve.org/view.php?id=CVE-2017-2381
02 Apr 2017 — An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.4 está afectado. El problema involucra al componente "sudo". • http://www.securityfocus.com/bid/97140 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2410
https://notcve.org/view.php?id=CVE-2017-2410
02 Apr 2017 — An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.4 está afectado. El problema involucra al componente "Kernel". • http://www.securityfocus.com/bid/97140 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 1CVE-2017-2478 – Apple macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2478
02 Apr 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteriore... • https://www.exploit-db.com/exploits/41794 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •