CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7580
https://notcve.org/view.php?id=CVE-2016-7580
20 Feb 2017 — An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 está afectado. El problema involucra al componente "Mail", que permite a servidores web remotos provocar una denegación de servicio a través de una URL manipulada. • http://www.securityfocus.com/bid/94434 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4617
https://notcve.org/view.php?id=CVE-2016-4617
20 Feb 2017 — An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 está afectado. El problema involucra una fuga de sandbox relacionada con la generación de procesos launchctl en el componente "libxpc". • http://www.securityfocus.com/bid/96329 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4780
https://notcve.org/view.php?id=CVE-2016-4780
20 Feb 2017 — An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente "Thunderbolt". • https://support.apple.com/HT207275 • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 19%CPEs: 4EXPL: 8CVE-2017-2370 – Apple macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
https://notcve.org/view.php?id=CVE-2017-2370
24 Jan 2017 — An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. macOS en versiones anteriores a 10.12.3 e... • https://packetstorm.news/files/id/140743 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 2CVE-2017-2360 – Apple macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2360
24 Jan 2017 — An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. macOS en versiones anteriores a 10.12.3 es... • https://packetstorm.news/files/id/140744 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2358 – Apple Security Advisory 2017-01-23-2
https://notcve.org/view.php?id=CVE-2017-2358
24 Jan 2017 — An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "Graphics Drivers". • http://www.securityfocus.com/bid/95723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2357 – Apple Security Advisory 2017-01-23-2
https://notcve.org/view.php?id=CVE-2017-2357
24 Jan 2017 — An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "IOAudioFamily". • http://www.securityfocus.com/bid/95723 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2017-2353 – Apple macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2353
24 Jan 2017 — An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "Bluetooth". • https://packetstorm.news/files/id/140742 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 2CVE-2017-2361 – Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read
https://notcve.org/view.php?id=CVE-2017-2361
24 Jan 2017 — An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente "Help Viewer" que permite ataques de XSS a través de un sito web manipulado. macOS 10.12.3 is now available and addresses suffers from code execution and various other security vuln... • https://packetstorm.news/files/id/141283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 46EXPL: 0CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
23 Jan 2017 — The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •