CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4681
https://notcve.org/view.php?id=CVE-2016-4681
20 Feb 2017 — An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente "Core Image". • http://www.securityfocus.com/bid/94431 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-7667
https://notcve.org/view.php?id=CVE-2016-7667
20 Feb 2017 — An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente "CoreText". • https://support.apple.com/HT207422 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2358 – Apple Security Advisory 2017-01-23-2
https://notcve.org/view.php?id=CVE-2017-2358
24 Jan 2017 — An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "Graphics Drivers". • http://www.securityfocus.com/bid/95723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 19%CPEs: 4EXPL: 8CVE-2017-2370 – Apple macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
https://notcve.org/view.php?id=CVE-2017-2370
24 Jan 2017 — An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. macOS en versiones anteriores a 10.12.3 e... • https://packetstorm.news/files/id/140743 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 2CVE-2017-2360 – Apple macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2360
24 Jan 2017 — An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. macOS en versiones anteriores a 10.12.3 es... • https://packetstorm.news/files/id/140744 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 2CVE-2017-2361 – Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read
https://notcve.org/view.php?id=CVE-2017-2361
24 Jan 2017 — An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "Help Viewer" que permite ataques de XSS a través de un sito web manipulado. macOS 10.12.3 is now available and addresses suffers from code execution and various other security vuln... • https://packetstorm.news/files/id/141283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2357 – Apple Security Advisory 2017-01-23-2
https://notcve.org/view.php?id=CVE-2017-2357
24 Jan 2017 — An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "IOAudioFamily". • http://www.securityfocus.com/bid/95723 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2017-2353 – Apple macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2353
24 Jan 2017 — An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "Bluetooth". • https://packetstorm.news/files/id/140742 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 46EXPL: 0CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
23 Jan 2017 — The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 8.8EPSS: 1%CPEs: 36EXPL: 0CVE-2016-9840 – zlib: Out-of-bounds pointer arithmetic in inftrees.c
https://notcve.org/view.php?id=CVE-2016-9840
23 Jan 2017 — inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Inftrees.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado al aprovechar la aritmética de puntero incorrecta. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It ... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •