CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6988 – Apple Security Advisory 2017-05-15-1
https://notcve.org/view.php?id=CVE-2017-6988
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6985 – Apple Security Advisory 2017-05-15-1
https://notcve.org/view.php?id=CVE-2017-6985
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 19%CPEs: 1EXPL: 2CVE-2017-2527 – Apple macOS/iOS - 'CAMediaTimingFunctionBuiltin' NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking
https://notcve.org/view.php?id=CVE-2017-2527
15 May 2017 — An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • https://packetstorm.news/files/id/142651 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2010-1821
https://notcve.org/view.php?id=CVE-2010-1821
13 Apr 2017 — Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. Apple Mac OS X 10.6 a 10.6.3 y Mac OS X Server 10.6 a 10.6.3 permite a los usuarios locales obtener privilegios del sistema. • https://support.apple.com/en-us/HT4188 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2010-1816
https://notcve.org/view.php?id=CVE-2010-1816
13 Apr 2017 — Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image. El desbordamiento de búfer en ImageIO en Apple Mac OS X 10.6 a 10.6.3 y Mac OS X Server 10.6 a 10.6.3 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de una imagen manipulada. • https://support.apple.com/en-us/HT4188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2490 – Apple macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device
https://notcve.org/view.php?id=CVE-2017-2490
02 Apr 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está af... • https://packetstorm.news/files/id/141983 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-2489 – Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability
https://notcve.org/view.php?id=CVE-2017-2489
02 Apr 2017 — An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.4 está afectado. El problema involucra al componente "Intel Graphics Driver". • https://packetstorm.news/files/id/141960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2477
https://notcve.org/view.php?id=CVE-2017-2477
02 Apr 2017 — An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.4 está afectado. El problema involucra al componente "libxslt". • http://www.securityfocus.com/bid/97303 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2017-6458 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6458
27 Mar 2017 — Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Múltiples desbordamientos de búfer en las funciones ctl_put * en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permiten a usuarios remotos autenticados tener un impacto no especificado a través de una variable larga. Yihan Lian discovered that NTP incorrectly handled certain large request data val... • http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2448 – Apple Security Advisory 2017-03-27-4
https://notcve.org/view.php?id=CVE-2017-2448
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en ver... • http://www.securityfocus.com/bid/97134 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •