| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-2429 | 5.0 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpect
|
24-08-2020 - 17:37 | 02-04-2017 - 01:59 | |
| CVE-2017-2402 | 7.5 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass
|
03-10-2019 - 00:03 | 02-04-2017 - 01:59 | |
| CVE-2017-2381 | 6.5 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory s
|
03-10-2019 - 00:03 | 02-04-2017 - 01:59 | |
| CVE-2017-2443 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory
|
16-08-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-6974 | 4.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk l
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2436 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corrupti
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2410 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2409 | 5.8 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash)
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2438 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleRAID" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2425 | 6.8 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate.
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2431 | 6.8 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "CoreMedia" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2427 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption)
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2421 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted ap
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2422 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2403 | 6.8 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2418 | 2.1 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2408 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOATAFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2426 | 4.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2413 | 6.8 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2420 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption)
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2388 | 4.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2016-7585 | 2.1 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2449 | 9.3 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2437 | 7.2 |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 | |
| CVE-2017-2392 | 6.8 |
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
|
12-07-2017 - 01:29 | 02-04-2017 - 01:59 |