CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 2CVE-2017-2533 – Apple macOS diskarbitrationd Time-Of-Check/Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-2533
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • https://packetstorm.news/files/id/142898 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6977 – Apple macOS speechsynthesisd Unsigned Dylib Loading Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-6977
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. Se detectó un problema en ciertos productos de Apple. MacOS versiones anteriores a 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2540 – Apple macOS WindowServer _XGetConnectionPSN Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-2540
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6986 – Apple Security Advisory 2017-05-15-1
https://notcve.org/view.php?id=CVE-2017-6986
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2497 – Apple Security Advisory 2017-05-15-2
https://notcve.org/view.php?id=CVE-2017-2497
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book. Se descubrió un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. macOS anterior a versión 10.12.5 está afectado. El problema involucra el componente "iBooks". • http://www.securitytracker.com/id/1038484 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2501 – Apple macOS/iOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
https://notcve.org/view.php?id=CVE-2017-2501
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • https://packetstorm.news/files/id/142646 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-2518 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2017-2518
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. Fue encontrado un problema en algunos productos de Apple. iOS anteriores a la versión 10.3.2 se ven afectados. macOS anterior a la versi... • http://www.securityfocus.com/bid/98468 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-2507 – Apple Security Advisory 2017-05-15-3
https://notcve.org/view.php?id=CVE-2017-2507
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Fue encontrado un problema en algunos productos de Apple. iOS anteriores a la versión 10.3.2 se ven afectados. macOS anterior a la versión 10.12.5 se ve afectado. tvOS anterior a la versión la 10.2.1 se v... • https://packetstorm.news/files/id/142647 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2494 – MacOS Insecure Swap File
https://notcve.org/view.php?id=CVE-2017-2494
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se descubrió un problema en ciertos productos de Apple. macOS anterior a versión 10.12.5 está afectado. El problema implica el componente "Kernel". • http://www.securitytracker.com/id/1038484 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6987 – Apple Security Advisory 2017-05-15-3
https://notcve.org/view.php?id=CVE-2017-6987
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • http://www.securityfocus.com/bid/98468 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •